Sign the JDBC data source records in the production instance

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 2 minutes to read

    • Use update sets to sign and validate the JDBC data sources by enabling the code signing in production and trusted non-production instances.

    • Establish Circle of Trust between the production and trusted instances.
    • Role required: security_admin
    Note:
    • MID Server doesn't handle the file data sources and hence, these data sources are not code signed.
    • LDAP data sources can't be code signed.

    Sign existing data sources of the JDBC type

    Use update sets to bring mass signing jobs to the production instance.

    Procedure

    1. In the trusted instance, configure the KMF signing job to sign the data sources.
      1. Navigate to System Security > Security Jobs > All.
      2. Click New.
      3. On the form, fill these values.
        Field Description
        Name Name to identify the record.
        Type Type of the encryption job. Select Mass Sign Records.
        Table Table from which the records should be signed. Select Data Source.
      4. Click Export Code Signing job to production.
        A confirmation message is displayed that the update set is signed.
      5. Export the generated update set to an XML file.
    2. In the production instance, import and commit the update set to retrieve the mass signed jobs from trusted instance.
      1. Navigate to System Security > Security Jobs > All.
      2. Open the update set exported from the trusted instance.
      3. Click Start.
        A confirmation message is displayed that the records are signed.

    Sign new data sources of the JDBC type

    Use update sets to bring the signed update set to the production instance.

    Before you begin

    Role required: sn_kmf.cryptographic_manager

    Procedure

    1. In the non-production instance, start an update set.
      Start an update set.
    2. In the non-production instance, create the required data sources.
      Create a JDBC source.
      The data sources are added to the update set.
    3. In the non-production instance, change the state of the update set to Complete and click Update.
      Mark the update set as Complete.
    4. In the non-production instance, sign the update set by creating an encryption job.
      1. Navigate to System Security > Security Jobs > All.
      2. Click New.
      3. On the form, fill these values.
        Field Description
        Name Name to identify the record.
        Type Type of the encryption job. Select Sign Update Set.
        Table Update set from which the records should be signed.
      4. Click Submit.
      5. Click Start to sign the update set.
        Signed update set.
        • Summary is updated that the records are signed.
        • The update set is updated and includes the signature.
    5. In the non-production instance, open the signed update set record and export it to an XML.
    6. In the production instance, import the signed update set.
      1. Navigate to System Update Sets > Retrieved Update Sets.
      2. Click the Import Update Set from XML related link to import the update set that is exported from the trusted instance.
        For more information, see Import and commit the quick-start update set.
        The update set is committed successfully.