Show TOC

Secure Storage in the File System (AS ABAP)Locate this document in the navigation structure

Use

The secure storage in the file system is part of SAP NetWeaver Application Server (AS) ABAP. SAP Installer, AS ABAP kernel, and AS ABAP tools that connect to the database can use this storage to securely store connection-relevant data like passwords and other data that are relevant for secure operation. The encrypted storage of the data prevents unauthorized persons or programs being able to access this data.

Note

Custom applications cannot use this component.

Files

The secure storage uses the following files:

  • Data file SSFS_ <SAPSYSTEMNAME> .DAT, which is stored in the directory set as the value of profile parameter rsec/ssfs_datapath

  • Data backup file SSFS_ <SAPSYSTEMNAME> .DA_, which is stored in the same directory as the data file. The secure storage creates it before starting an operation that changes the data file in a non-trivial way (see Restoring Secure Storage Files in the File System )

  • Lock file SSFS_ <SAPSYSTEMNAME> .LCK, which is stored in the directory set as the value of profile parameter rsec/ssfs_datapath

  • Key file SSFS_ <SAPSYSTEMNAME> .KEY, which is stored in the directory set as the value of profile parameter rsec/ssfs_keypath

  • Key backup file SSFS_ <SAPSYSTEMNAME> .KE_, which is stored in the same directory as the key file. The secure storage creates it before starting an operation that changes the key file in a non-trivial way (see Restoring Secure Storage Files in the File System )

The files do not need to exist immediately after the installation. The secure storage automatically creates them during the first operation that requires the relevant files to exist.

Key Administration

Data can be stored in encrypted form, such as passwords, or in unencrypted form, such as user IDs. If you store encrypted data records, the encrypted parts of the data file are encrypted with a standard encryption key. This usually provides sufficient security. However, you can re-encrypt the secure storage with an individual encryption key and the command line tool rsecssfx. This procedure stores the individual key in the key file in the key path, and automatically encrypts all of the data records in the secure storage with the new encryption key.

Caution

Do not manipulate the key file without the command line tool. For example, do not replace the key file with a different version. Otherwise, the data records in the secure storage could become unreadable.

You can check the readability of all entries with the command line tool rsecssfx, using the command list.

Prerequisites

The secure storage is part of the AS ABAP. You do not need to install any additional libraries or external products.

More Information