Sensitive configuration data

Sensitive information such as passwords are never stored in the registry or anywhere else in plain text. For cloud deployments, all sensitive configuration data is encrypted and decrypted using the customer master key in AWS KMS. For on-premises deployments, this configuration data is encrypted and decrypted using the master keystore file created for WFM during installation.

Sensitive configuration data is managed in the Sensitive Data Configuration maintenance form. This includes the WFM system key, PGP key, and the SAML private key and IdP certificate. Only users that belong to the SYSTEM ADMINS security group can access this form.

Some internally stored keys must be rotated. For details on updating the keys that are used by WFM, see "Sensitive configuration data" in the Infor Workforce Management Installation and Configuration Guide.