Guide for Venio Admins
In order to facilitate the secure integration of Amazon Web Services (AWS) and Microsoft Azure with your system, a separate menu called `Environment Settings` has been added to the admin menu. This menu is visible only to internal client users with a Venio Admin role.
This guide will walk you through the steps required to set up and manage your AWS and Azure keys within this new interface.
Login to VOD under an account which is a member of internal client and has been assigned a Venio Admin role
Click the user drop down and select 'admin settings'
Navigate to the `Environment Settings` Menu:
Under System, you'll find the `Environment Settings` option.
View and Modify Visible Keys
You will initially see only the default visible keys. You can update the values of these keys as necessary.
By following the previous steps, you have successfully configured AWS and Azure keys while ensuring the confidentiality of sensitive data.
Overview of SQL Schema Changes:
We have made several changes to the `tbl_pj_controlsetting` table, notably:
- The addition of the `IsVisible` flag. This controls which keys will be displayed in the User Interface (UI).
- The addition of the `IsEncrypted` flag. This controls which settings' values will be encrypted.
IsVisible Flag:
By default, only the `AZURE_REGION`, `AZURE_ACCESS_KEY_ID`, `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_REGION` settings will be displayed.
The settings `IS_DEVELOPMENT_ENVIRONMENT`, `IS_CLOUD_ENVIRONMENT`, `RELATIVITY_ERROR_MESSAGE_KEYWORDS`, `ENABLE_NEW_CASE_SETTINGS_FEATUREFLAG`, `ENABLE_VOD`, and `ENABLE_VODR` will not be visible in the UI, regardless of the `IsVisible` setting.
IsEncrypted Flag:
If you upgrade using just the script, the `IsEncrypted` flag will be 0 for all settings. However, if you upgrade using the `ConfigureDatabase.exe`, the `AWS_SECRET_ACCESS_KEY` and `AZURE_ACCESS_KEY_ID` will, by default, have the `IsEncrypted` flag set to 1.
If a key is encrypted, its value will be blank in the UI. If you update the value as blank, the previous data will not be updated - that is, it will retain its old value.
How to Modify AWS and Azure Key encryption in SQL:
Keys with the `IsEncrypted` flag set to 1 will be encrypted. If you wish to encrypt or decrypt other keys, change the `IsEncrypted` flag for that key to 1 or 0, respectively.
Troubleshooting
Remember, wherever this data is accessed, it should work fine, meaning the value should be decrypted correctly. However, there could be errors in cases where there is direct access to the value from the database. As such, these fields should be used carefully as they are intended for hiding confidential control setting data.
Comments
0 comments
Please sign in to leave a comment.