WorkZone Service (WZPS)

WorkZone Protection Service (WZPS) stores data in a secure manner and provides an API to manage stored data. In this release, it can store text secrets, for example passwords, and it is possible to limit access to secrets by setting access codes.

You can find documentation on how to use it in Swagger at /secretservice/swagger.

Secrets

This section describes how to generate the secrets that are required to deploy the contact synchronization containers.

Encryption secrets

There are two secrets that are used to encrypt and decrypt the secrets.

Note: You must set the parameters as is, but you can adjust the output paths to the machine where the deployer generates them.

Use the Windows and Linux built-in tool ssh-keygen to generate the two secrets.

Private:

ssh-keygen -b 4096 -m pkcs8 -t rsa -f /var/prvkey

Public:

ssh-keygen -f /var/prvkey -e -m pem >> /var/pubkey

Add the values (secrets) to the keys:

  • WORKZONE-WZPS-DECRYPTION-KEY

    The value is the private secret that was generated above.

  • WORKZONE-WZPS-ENCRYPTION-KEY

    The value is the public secret that was generated above.

Note: Remove headers and line breaks before you add the values to Key Vault. You can change the key size, but 2048 is the recommended minimum size.

Example:

Key: WORKZONE-WZPS-DECRYPTION-KEY

Value: MIIJQwIBADANBgkqhkiG9w0BAQEFAA(...) #truncated, must be one line, no line breaks.

Key: WORKZONE-WZPS-ENCRYPTION-KEY

Value: MIICCgKCAgEAjEErCcSmqYDaSlD70/(...) #truncated, must be one line, no line breaks.
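
The header and line-break removal from the note above can be scripted. The following is an added example, not part of the WorkZone documentation: the function name pem_to_value and the sample file are constructed for illustration, and the PEM labels it checks are the ones ssh-keygen writes for "-m pkcs8" (PRIVATE KEY) and "-e -m pem" (RSA PUBLIC KEY).

```shell
#!/bin/sh
# pem_to_value FILE LABEL  (hypothetical helper, not part of WorkZone)
# Prints the base64 body of a PEM file as one line: no BEGIN/END headers,
# no CR/LF, no spaces. Fails if the file does not carry the expected label,
# for example when ssh-keygen wrote an OpenSSH-format key
# ("BEGIN OPENSSH PRIVATE KEY") or a passphrase-protected one
# ("BEGIN ENCRYPTED PRIVATE KEY") instead of plain PKCS#8.
pem_to_value() {
    file=$1
    label=$2
    if ! grep -q -- "^-----BEGIN $label-----" "$file"; then
        echo "error: $file is not a '$label' PEM file" >&2
        return 1
    fi
    # Drop the header and footer lines, then every CR, LF, space and tab.
    value=$(grep -v -- '^-----' "$file" | tr -d '\r\n \t')
    # What remains must be non-empty and contain only base64 characters.
    case $value in
        ''|*[!A-Za-z0-9+/=]*)
            echo "error: body of $file is not clean base64" >&2
            return 1 ;;
    esac
    printf '%s' "$value"
}

# Constructed sample, not a usable key: the truncated prefix from the example
# above, split over two lines with Windows (CRLF) line endings.
sample=$(mktemp)
printf '%s\r\n' '-----BEGIN PRIVATE KEY-----' \
    'MIIJQwIBADAN' 'BgkqhkiG9w0B' \
    '-----END PRIVATE KEY-----' > "$sample"

pem_to_value "$sample" 'PRIVATE KEY'   # prints MIIJQwIBADANBgkqhkiG9w0B
echo
rm -f "$sample"

# With the paths used above, the two values would be produced as:
#   pem_to_value /var/prvkey 'PRIVATE KEY'      -> WORKZONE-WZPS-DECRYPTION-KEY
#   pem_to_value /var/pubkey 'RSA PUBLIC KEY'   -> WORKZONE-WZPS-ENCRYPTION-KEY
```
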