Creating sensitive configuration data

Sensitive configuration data is managed in the Sensitive Data Configuration maintenance form. This includes the WFM system key, PGP key, and the SAML private key and IdP certificate. Only users who belong to the SYSTEM ADMINS security group can access this form.

Note: OAuth 1.0 is managed separately from the sensitive configuration data.

  1. Select Maintenance > System Administration > Sensitive Data Configuration.
  2. Click Create New Entry.
  3. Specify this information:
    Configuration Type
    Select the configuration type for the encrypted data from the drop-down list. You cannot update the configuration type for an existing entry.
    Public Data
    Optionally, specify the public information attached to the protected data, for example, a username or client ID. This value is stored in plain text.
    Expiration Date
    Select the date when the key will no longer be valid. When adding a key with the same configuration type as an existing entry (key rotation), the expiration date of the new entry must be after the expiration date of the existing entry. Only one entry per type can be active at any one time.
    Note: When editing an existing entry, you cannot change the expiration date to a date in the future. You can change the expiration date to a date in the past.
    Protected Data
    Specify the protected data to be encrypted in the database. After saving, this value is always shown masked.

    When editing an existing entry, you can replace the protected data with another string. Upon saving, the data is re-encrypted and the current value is replaced by the new value.

  4. Click Save.