Storing the ThingWorx Flow Secret Keys in the ThingWorx Foundation KeyStore
Prerequisites
◦ Download the Security Management Tool from the PTC Support Site. To understand the usage and initialize the
ThingWorx Foundation KeyStore, see
Security Management Tool.
◦ When ThingWorx Flow is installed on a different machine than ThingWorx Foundation, the ThingWorx Flow installer creates the Flowkeys.tar file in the same location where you had copied the ThingWorx Foundation platform_settings.json file. The Flowkeys.tar file contains the following files:
▪ config.json
▪ keyfile-key
▪ keys.enc
Make a note of the location of the Flowkeys.tar file.
Steps
Complete the following steps to import the ThingWorx Flow secrets to the ThingWorx Foundation KeyStore:
1. Copy the Flowkeys.tar file to the machine where the ThingWorx Foundation KeyStore is available.
2. Unzip the contents of the Flowkeys.tar file to any directory on that machine.
3. Modify the config.json file, so that location points to the keys.enc file and keyfile-key-location points to the keyfile-key file.
....
"location": "./keys.enc",
"keyfile-key-location": "./keyfile-key"
....
4. Run the following command to import the ThingWorx Flow secrets to the ThingWorx Foundation KeyStore:
security-common-cli <Path-to-ThingWorx-KeyStore-config> import <Full-path-to-ThingWorx-Flow-KeyStore-config.json-file>
For example: ./security-common-cli keystore.conf import config.json
5. If you have rotated the
ThingWorx Flow encryption key as described in
Rotating the ThingWorx Flow encryption key, then run the following command to update the value of
custom_active_encryption_key in the
ThingWorx Foundation KeyStore:
security-common-cli <Path-to-ThingWorx-KeyStore-config> set custom_active_encryption_key "<Rotated-ThingWorx-Flow-encryption-key>"
6. If ThingWorx Foundation is already running, restart ThingWorx Foundation to reload the KeyStore.