FileNet® P8 provides methods for encrypting credentials that are passed over an internet connection.
Content Platform Engine uses a single 128-bit Master Key for encrypting and decrypting all credentials. The Master Key is generated while running Configuration Manager's Configure Bootstrap Properties task, using a FIPS 140-compliant key generation algorithm. The Master Key is stored in the Content Platform Engine EAR file where it can be used by the Content Platform Engine server, but is not available via any API.
Content Platform Engine uses symmetric key encryption to protect sensitive password data at rest in the global configuration database (GCD). It uses a single encryption algorithm and key strength: FIPS 140-compliant 128-bit AES.
The Master Key is part of the bootstrap properties that are encoded into an EAR file by Configuration Manager's Configure Bootstrap Properties task. As long as the original bootstrapped EAR file (or a backup of it) is available, Configuration Manager's Configure Bootstrap Properties task (or the Bootstrap Configuration Utility) can be used to transfer these properties to a new EAR file when installing a Content Platform Engine patch or upgrade.
However, if the bootstrapped EAR file is lost and no backup exists, it is not possible to generate a new version with the same Master Key. A new EAR file with a different Master Key would have to be generated, and all passwords (as well as the Isolated Region key) would have to be reset. For this reason, it is important to keep a backup of your EAR file once it has been bootstrapped.
All EAR files deployed across all servers in a FileNet P8 domain must use the same Master Key. It is a best practice to use TLS or SSL when deploying the Content Platform Engine EAR file.