Configuring a Gateway Integration Endpoint - Encrypted Blob Storage

A gateway integration endpoint (GIEP) allows STEP to communicate with an external storage system. Once a GIEP has been created and Encrypted Blob Storage is selected, the configuration settings allow you to identify the location of the required data.

This GIEP is intended to be used with an event processor running the Asset Publisher processor. When integrating with PDX, assets can be encrypted in transit using Amazon Web Services (AWS) Key Management Service (KMS).

Important: For environments using Product Data Exchange (PDX), configuration is required on your PDX system to implement AWS for asset delivery and/or AWS encryption. Contact Stibo Systems for information.

Prerequisites

To use the Gateway Integration Endpoint Configuration dialog for Encrypted Blob Storage, the following case-sensitive properties must be set up first in the sharedconfig.properties file on the STEP application server.

Note: Sensitive configuration values that should be filtered from view are denoted with 'Secret.' This means that the actual values are not visible to users or to Stibo Systems, for example, via Admin Portal configuration lists and remote diagnostics.

All encryption functionality is defined by four dynamic properties. The [Dynamic] placeholder text in each property is replaced with the same text in all four properties to identify the purpose of the encryption properties and associate them with each other. The replacement text will be displayed in the 'Encryption Config' parameter on the GIEP configuration dialog and the 'Encryption Configuration' parameter on the 'PDX' delivery method on an OIEP.

If necessary, submit a ticket to the Stibo Systems Service Portal requesting to populate the following properties:

  1. EncryptedMessage.[Dynamic].AWSKMS.AccessKeyID

    For example: EncryptedMessage.PDXEncryption.AWSKMS.AccessKeyID=AKIAXF2WQ7KV6UXGGVZG

  2. EncryptedMessage.[Dynamic].AWSKMS.AccessKeySecret

    For example: EncryptedMessage.PDXEncryption.AWSKMS.AccessKeySecret=I5RN/lmxU5GG+iEJ9qibfDqJYf//S3SsF/cLCF1G

  3. EncryptedMessage.[Dynamic].AWSKMS.KeyArn

    For example: EncryptedMessage.PDXEncryption.AWSKMS.KeyArn=arn:aws:kms:eu-west-1:493565835888:alias/PDX-Key

  4. EncryptedMessage.[Dynamic].PluginID

    For example: EncryptedMessage.PDXEncryption.PluginID=AWSKMS

    Important: AWSKMS is the only valid value for the PluginID property. Setting this required property associates it with the other properties that share the same dynamic value.
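A pre-flight check for the four properties listed above, as an added example (not Stibo Systems code): it groups EncryptedMessage.* entries by their [Dynamic] name and reports missing, miscased or invalid ones without printing any values. The function names, the second `Backup` group and the placeholder values are constructed for illustration, and the check assumes the [Dynamic] name contains no dots.

```python
import re

# Suffixes every encryption configuration must define (names from the list above).
REQUIRED = ("AWSKMS.AccessKeyID", "AWSKMS.AccessKeySecret", "AWSKMS.KeyArn", "PluginID")
# Assumption: the [Dynamic] segment contains no dots.
KEY_RE = re.compile(r"^EncryptedMessage\.([^.]+)\.(.+)$")

def parse_properties(text):
    """Parse simple key=value lines; skips blanks and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_encryption_configs(text):
    """Return {config_name: [problems]}; an empty list means the group is complete."""
    groups, report = {}, {}
    for key, value in parse_properties(text).items():
        m = KEY_RE.match(key)  # case-sensitive match, like the property names
        if m:
            groups.setdefault(m.group(1), {})[m.group(2)] = value
    for name, found in groups.items():
        problems = [f"missing or empty {s}" for s in REQUIRED if not found.get(s)]
        problems += [f"unexpected or miscased {s}" for s in found if s not in REQUIRED]
        if found.get("PluginID") not in (None, "", "AWSKMS"):
            problems.append("PluginID must be AWSKMS")
        report[name] = problems
    return report

# Constructed sample input with placeholder values, not real credentials.
SAMPLE = """\
EncryptedMessage.PDXEncryption.AWSKMS.AccessKeyID=<ACCESS_KEY_ID>
EncryptedMessage.PDXEncryption.AWSKMS.AccessKeySecret=<ACCESS_KEY_SECRET>
EncryptedMessage.PDXEncryption.AWSKMS.KeyArn=<KEY_ARN>
EncryptedMessage.PDXEncryption.PluginID=AWSKMS
EncryptedMessage.Backup.AWSKMS.AccessKeyID=<ACCESS_KEY_ID>
EncryptedMessage.Backup.AWSKMS.keyarn=<KEY_ARN>
EncryptedMessage.Backup.PluginID=awskms
"""

if __name__ == "__main__":
    for name, problems in check_encryption_configs(SAMPLE).items():
        print(name, "OK" if not problems else problems)  # names only, never values
```
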

Configuring the Gateway Integration Endpoint

Once the case-sensitive properties as described above are entered into the sharedconfig.properties file, the options outlined within these properties display in the dropdowns in the dialog. If the dropdowns are empty, then the properties are not set up or are set up incorrectly.

  1. On the Gateway Integration Endpoint Configuration dialog, select Encrypted Blob Storage from the top dropdown.

  2. On the Blob Storage parameter, select the desired option from the second dropdown. Complete the available parameters as defined in the related topics:

    Note: While additional layers of encryption can be added in this configuration by selecting Encrypted Blob Storage from the second dropdown, consider that the same number of additional levels of decryption are required on the receiving system.

  3. On the Encryption Config parameter, select the option.

  4. Click Save to complete the configuration.

  5. Enable the endpoint as defined in the Running a Gateway Integration Endpoint topic.

  6. Test the connection from the gateway as follows:

    • On the Gateway Connectivity flipper, click the Check Connectivity button.

    • In the Check Connectivity dialog, in the Java Script Check Code section, add:

      gateway.checkConnectivity()

    • Click the Check Connectivity button and verify success or make the necessary corrections to connect.

Using the Gateway Integration Endpoint

Configuration of a GIEP is required to set up: