AESKeyFile

The path to the AES key file to use for DIH data encryption. Setting this parameter turns on encryption for your DIH index queue.

CAUTION: If you lose your encryption keys after you enable encryption, you cannot recover the encrypted data.

DIH does not start if the key file that you specify is not valid.

DIH uses 256-bit AES encryption. Encryption includes any data sent with index actions that is stored in your index queue before processing. If you have turned on archiving (by using ArchiveMode), DIH transfers the encrypted data to the archive.

NOTE: When DIH processes an index action to send to its child servers, it decrypts the data before sending it. Micro Focus recommends that you configure TLS encryption to ensure that communication between the DIH and its child components is secure.

You can turn on AES encryption in a DIH that has existing data in the index queue, but the encryption applies only to new incoming data. DIH processes the existing unencrypted data as normal and deletes it after processing, unless you use archiving.

After you enable encryption, DIH verifies your encryption key each time you restart the server. The service logs an error and does not start if the key file has changed or is missing.

NOTE: You can also enable encryption by using the -dataencryptionkey command line parameter when you start DIH. If you use this option, it overrides the AESKeyFile setting.

For more information about IDOL index encryption, refer to the IDOL Server Administration Guide.
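
Because DIH refuses to start when the key file has changed or is missing, and a lost key makes queued data unrecoverable, it helps to check the file before a planned restart. The following is an added example, not part of the product documentation or the vendor's code: it compares the key file against a SHA-256 fingerprint recorded when encryption was enabled. The function names, the `.sha256` baseline file and the POSIX permission check are assumptions of this example; it does not parse the key file or reproduce DIH's own validation.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(key_path):
    """SHA-256 of the key file bytes, used only to detect change."""
    return hashlib.sha256(Path(key_path).read_bytes()).hexdigest()


def record_baseline(key_path, baseline_path):
    """Run once when encryption is enabled; store the result with the key backup."""
    Path(baseline_path).write_text(fingerprint(key_path) + "\n")


def preflight(key_path, baseline_path):
    """Return the problems found; an empty list means the file matches the baseline."""
    key, baseline = Path(key_path), Path(baseline_path)
    if not key.is_file():
        return ["key file is missing: %s" % key]
    problems = []
    mode = key.stat().st_mode
    # POSIX only: any group/other permission bit exposes the key to other accounts.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("key file is accessible to group or other users")
    if not baseline.is_file():
        problems.append("no baseline fingerprint recorded")
    elif baseline.read_text().strip() != fingerprint(key):
        problems.append("key file differs from the recorded baseline")
    return problems


if __name__ == "__main__":
    # Constructed demo: random bytes stand in for a key file (real format not assumed).
    with tempfile.TemporaryDirectory() as d:
        key, base = Path(d, "AES.ky"), Path(d, "AES.ky.sha256")
        key.write_bytes(os.urandom(32))
        os.chmod(key, 0o600)
        record_baseline(key, base)
        print("unchanged:", preflight(key, base))
        key.write_bytes(os.urandom(32))  # simulate an overwritten key file
        print("changed:  ", preflight(key, base))
        key.unlink()                     # simulate a lost key file
        print("missing:  ", preflight(key, base))
```

Keep the baseline file with the offline backup of the key rather than beside the key itself, so that one accidental overwrite cannot replace both.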

Type: String
Default:  
Required: No
Configuration Section: DataEncryption
Example: AESKeyFile=C:\IDOL\data\encryption\AES.ky