Configure Property Transform Settings in ThingWorx
Update the platform-settings.json File
If you opted to install the Property Transform component of Platform Analytics, the platform-settings.json file for the ThingWorx server must be updated. Specifically, a section must be added to identify the location of the RabbitMQ server. Whether you have chosen to install the RabbitMQ instance provided with the installer, or you are using an existing, external instance, the ThingWorx settings must be updated with the RabbitMQ parameters.
1. Open the Windows PowerShell, or the Command Prompt window, in Administrator mode.
2. Navigate to the C:\ThingworxPlatform\platform-settings.json file and open it.
3. Add the following parameters to the PlatformSettingsConfig section, substituting actual values in the angled brackets:
{
"PlatformSettingsConfig": {
...
"PropertyTransformSettings": {
"EnablePropertyTransform": true,
"QueueHost": "<rabbitmq IP address>",
"QueuePort": <port number>,
"QueueUsername": "<rabbitmq user name>",
"QueuePassword": "encrypt.propertytransform.password",
"QueueVHost": "/"
}
}
}
4. If you plan to use TLS support to protect the connection between RabbitMQ and the ThingWorx server, add the following additional parameters to the same PlatformSettingsConfig section:
{
"PlatformSettingsConfig": {
...
"PropertyTransformSettings": {
...
"BrokerSslEnabled": "true",
"BrokerSslClientStore": "<path to PKCS12 file>",
"BrokerSslClientStorePassword": "<PKCS12 password>",
"BrokerSslServerTrustStore": "<path to ThingWorx Truststore file>",
"BrokerSslServerTrustStorePassword": "<ThingWorx Truststore password>"
}
}
}
For more information about using TLS to protect RabbitMQ protections, see TLS Support for RabbitMQ.
Encrypt the RabbitMQ Password
Before you can encrypt a password in ThingWorx, follow the steps below to download the Security Management Tool and configure it. For detailed information about this tool and its features, see Security Management Tool in the ThingWorx Help Center.
1. Obtain the Security Management Tool zip file from the PTC Support site.
2. Extract the contents of the zip file to a directory.
3. Open the Windows PowerShell, or the Command Prompt window, in Administrator mode.
4. Create a configuration file similar to the example file below and place it in the bin folder of the unzipped Security Management Tool.
Example keystore.conf file:
{
security {
secret-provider = "com.thingworx.security.provider.keystore.KeyStoreProvider"
default-encryption-key-length = 128
keystore {
password-file-path = "C:\\ThingworxPlatform"
password-file-name = "keystore-password"
path = "C:\\ThingworxStorage"
name = "keystore.jks"
}
}
}
security {
secret-provider = "com.thingworx.security.provider.keystore.KeyStoreProvider"
default-encryption-key-length = 128
keystore {
password-file-path = "C:\\ThingworxPlatform"
password-file-name = "keystore-password"
path = "C:\\ThingworxStorage"
name = "keystore.jks"
}
}
}
 |
If ThingWorx is installed on a Linux server, adjust the keystore file paths as shown below.
keystore {
password-file-path = "/ThingworxPlatform" password-file-name = "keystore-password" path = "/ThingworxStorage" name = "keystore.jks" |
5. Run the following command:
security-common-cli.bat keystore.conf set encrypt.propertytransform.password "<RabbitMQ password>"
|
|
When encrypting the RabbitMQ password for the first time, you must use the password created at installation.
|
6. If you are using TLS support to protect the connection between RabbitMQ and the ThingWorx server, and you want to also encrypt the passwords for the BrokerSslClientStore and the BrokerSslTrustStore, run the following commands:
security-common-cli.bat keystore.conf set encrypt.broker.ssl.clientstore.password "<BrokerSslClientStore Password>"
security-common-cli.bat keystore.conf set encrypt.broker.ssl.truststore.password "<BrokerSslTrustStore Password>"
For more information about the BrokerSslClientStore and the BrokerSslTrustStore, see Step 4 in the procedure: Update the platform-settings.json File.
 |
If you are using TLS and encrypting all passwords, your configuration in the PropertyTransformSettings section of platform-settings.json should look similar to the following sample:
{ "PlatformSettingsConfig": { ... "PropertyTransformSettings": { "EnablePropertyTransform": true, "QueueHost": "<rabbitmq IP address>", "QueuePort": <port number>, "QueueUsername": "<rabbitmq user name>", "QueuePassword": "encrypt.propertytransform.password", "QueueVHost": "/" "BrokerSslEnabled": "true", "BrokerSslClientStore": "<path to PKCS12 file>", "BrokerSslClientStorePassword": "encrypt.broker.ssl.clientstore.password", "BrokerSslServerTrustStore": "<path to ThingWorx Truststore file>", "BrokerSslServerTrustStorePassword": "encrypt.broker.ssl.truststore.password" } } } |
7. Restart ThingWorx.