Introduction

This article offers two solutions for the missing encryption configuration in Intershop 7.4 CI in case you re-deploy and thus overwrite your valid settings.

Problem

The encryption configuration (keystore, randomfile, configuration files) coming with the new Intershop 7.4 CI deployment will (by default) be overriden with the original contents upon next redeployment (e.g., not containing property intershop.encryption.keystore.password). The intershop.keystore and random files however will still exist.
Upon next access of the keystore a new value for intershop.encryption.keystore.password is generated. This is now inconsistent with the keystore.

Here is an example encryption.properties:

intershop.encryption.keystore.password=Phvvkl3XWhnPmRBLwiWbSCS5bMwwxp3JtWx3Hwpr5j1UIwpJiT45Xsf9pmaIUFu55oZVg6qFddegZo9Ky169Zr3CMy
intershop.encryption.keystore.file=${IS_SHARE}/system/config/cluster/intershop.keystore
intershop.encryption.random.file=${IS_SHARE}/system/config/cluster/random

Solution

There are two solutions how to deal with this issue:

• Solution 1: Keeping the encryption.properties after initial deployment is advised for customers which do not use a continuous delivery, and administer their servers in a traditional, manual way.
• Solution 2: The deployment of the random-file, keystore and encryption.properties is advised for customers using continuous delivery. They want to be enabled to re-deploy their system automatically and repeatingly with the deployment.

The intershop.keystore and random files can be generated for example by dbinit.

Discussion

Keep the encryption.properties

For detailed information see Cookbook - Gradle Deployment Tools (look at 14 Recipe: Keep Local Modifications).

settings.gradle:

[...]
deploymentBootstrap {
    [...]
    config {
        [...]
        assemblyDeployment {
            [...]
            modificationPriorities = ['default', 'intershop', 'myProject']
        }
        
        deployment {
            modification {
                keep('encryptionProperties') {
                    priority 'myProject'
                    dir target.shareDirectory
                    include 'system/config/cluster/encryption.properties'
                }
            }
        }    
    }
}

Encryption Configuration (keystore, random-file, encryption.properties) as a Part of the Deployment

For detailed information see Cookbook - Gradle Deployment Tools (look at 8 Recipe: Deploy Custom Files).

1. Create the keystore, random-file and encryption.properties (generated by dbinit or server access).
2. Add these files to your deployment environment, e.g., to the folder of the settings.gradle.

3. Make the following entries in the settings.gradle: (add <keystore>,<random-file> and encryption.properties to deployment, exclude encryption.properties from core deployment).

   [...]
       deploymentBootstrap {
           [...]
           config {
               [...]
               deployment {
                   files {
                       additionalProperties {
                           // Copy the files from the same folder as this settings.gradle file
                            from new File(settingsDir, '<random-file>'), new File(settingsDir, '<keystore>'), new File(settingsDir, 'encryption.properties')
                
                           // Define target of the copy operation
                           into new File(target.shareDirectory, 'system/config/cluster/')
                       }
                   }
               }                     
               
               project(':core') {  
                   afterEvaluate {                      
                       deployment.files.share {                                                                                                 
                           exclude 'system/config/cluster/encryption.properties'            
                       } 
                   }                                                                       
               }
           }
       }