Managing Secure Storage in the File System

Use

You can use this procedure to manage and re-encrypt the contents of the secure storage file, located at \usr\sap\< SID >\SYS\global\security\data\SecStore.properties in your file system..

The AS Java installation procedure creates this file during the installation where it stores the database user SAP<SID>DB, its password, and other database connection information. The AS Java installation uses the SAPJava Cryptographic Toolkit to encrypt the information in this file with the triple DES algorithm.

Procedure

Stop the cluster if it has been started.
Start the Config Tool. (Execute <AS_Java_install_dir>\configtool\configtool.bat .)
Select secure store .
The configuration for the secure storage in the file system appears.
The data stored in the file is encrypted by default. To re-encrypt the data, choose File → Reencrypt Secure Content.
To change the key phrase, choose Change Key Phrase. The AS Java uses this phrase to generate the key that will be used to encrypt the data.

Note

The uniqueness of the phrase you use contributes to the uniqueness of the resulting key. Therefore, we recommend you use a long key phrase that cannot be easily guessed. Use both upper and lower case letters in the phrase and include special characters. By default, the requirements for the key phrase are length between 8 and 30 characters and numbers.
Confirm with OK.
Save the configuration.
Start the cluster.

Result

The key that is used to encrypt the data file is stored in the file SecStore.key . The database connection information are stored in the file SecStore.properties file.