Introduction
As part of the normal operation of the PrizmDoc Server API, ID values and tokens are created and provided to the user for use in the public API. Some of these values contain embedded information used for request routing, which can include host names, IP addresses and ports of the servers hosting the PrizmDoc Server. This network information should only relate to internally accessible servers. Nonetheless, whenever the information is embedded in public-use tokens, the PrizmDoc Server encrypts it using AES symmetric encryption and then encodes the ciphertext as Base64 to create the new ID or token.
The PrizmDoc Server API ships configured with a default AES key and Initialization Vector (IV) so PrizmDoc Server will work "out-of-the-box". However, it is recommended that you replace the default encryption values with those of your choosing to maintain the highest level of security. The following steps describe how to fully replace the default AES keys with your own.
Step 1: Obtain an AES Key and Initialization Vector (IV)
- First, you will need an AES key and IV that are unique to your organization. Following the AES standard, the key value can be 128, 192 or 256 bits and the IV value must be 128 bits.
- Once you have the key and IV, they must both be Base64 encoded so that they are in a format which can be easily stored in the configuration files of the PrizmDoc Server.
- With a Base64 encoded AES key and IV value you can now begin updating the configuration files.
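The values described in Step 1 can be generated and checked with a short script. This is an added example, not part of the PrizmDoc documentation or product; the function names are illustrative, and it assumes Python 3 is available on the host where you prepare the configuration.

```python
import base64
import secrets

KEY_BITS = (128, 192, 256)  # key sizes allowed in Step 1
IV_BITS = 128               # IV size required in Step 1


def generate_key_and_iv(key_bits=256):
    """Return (key_b64, iv_b64) drawn from the OS CSPRNG."""
    if key_bits not in KEY_BITS:
        raise ValueError("AES key must be 128, 192 or 256 bits")
    key = secrets.token_bytes(key_bits // 8)
    iv = secrets.token_bytes(IV_BITS // 8)
    return (base64.b64encode(key).decode("ascii"),
            base64.b64encode(iv).decode("ascii"))


def decoded_bits(value_b64):
    """Strictly decode Base64 and return the size in bits.

    validate=True rejects stray characters such as a trailing newline.
    binascii.Error is a ValueError subclass, so callers catch ValueError.
    """
    return len(base64.b64decode(value_b64, validate=True)) * 8


def check_key_and_iv(key_b64, iv_b64):
    """Return a list of problems; an empty list means both values fit Step 1."""
    problems = []
    for name, value, allowed in (("key", key_b64, KEY_BITS),
                                 ("iv", iv_b64, (IV_BITS,))):
        try:
            bits = decoded_bits(value)
        except ValueError as exc:
            problems.append(f"{name}: not valid Base64 ({exc})")
            continue
        if bits not in allowed:
            problems.append(f"{name}: decodes to {bits} bits, expected {allowed}")
    return problems


if __name__ == "__main__":
    key_b64, iv_b64 = generate_key_and_iv(256)
    assert check_key_and_iv(key_b64, iv_b64) == []
    # These values are secrets: store them only in the server configuration.
    print("key:", key_b64)
    print("iv: ", iv_b64)
```

The check confirms Base64 format and decoded length only; it cannot tell whether a value supplied from elsewhere was generated randomly.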
Step 2: Update the Central Configuration File
The file paths for the Central Configuration file are:
- Docker: <config_folder>/prizm-services-config.yml, where <config_folder> is the folder that you mapped as /config when creating the container. See Installing / Using Docker for more details.
- Windows: C:\Prizm\prizm-services-config.yml (assuming the standard install location).

- Open the central config file.
- Set the security.aesEncryption.key and security.aesEncryption.iv properties to the Base64 encoded values you created in Step 1.
- Save and exit the config file.
- After making any changes to the configuration files, you need to restart PrizmDoc.