Running Setup Utility
To properly configure the Delinea JDBC Proxy Driver with your Secret Server or Delinea Platform, you must run the Setup Utility. This process ensures that the driver integrates securely with your environment, including encryption settings and credential management.
The SetupUtility encrypts the Secret Server or Delinea Platform credentials, creates the DelineaDriver.properties file in the current folder, and copies the Delinea-Jdbc-Proxy.jar and DelineaDriver.properties files into the provided web server application's lib folder.
- Stop the Web Server service. This is a necessary step before running the setup utility to avoid conflicts with the active web server session.
- Open the command prompt as an administrator.
- For default encryption mode: Run the command java -jar SetUpUtility.jar
  The SetUpUtility uses AES-GCM encryption to protect Secret Server or Delinea Platform credentials. It generates a unique hardware-based key by combining details from the CPU, motherboard, hard disk, and BIOS, and secures it with SHA-256 hashing. This encryption process ensures safe decryption, providing strong, system-specific data protection.
- For new encryption mode: Run the command java -jar SetUpUtility.jar 1
  The SetUpUtility creates an encryption key to encrypt Secret Server or Delinea Platform credentials. It stores the key in a hidden folder with appropriate file and folder permissions to restrict access.
- Depending on whether you are using the Delinea Platform or Secret Server, complete the following information:
  - Platform Instance URL (only for the Delinea Platform): Provide the URL where your platform instance is hosted (e.g., https://your-platform-instance.com).
  - Secret Server URL (only for Secret Server): Provide the URL where your Secret Server is hosted (e.g., https://your-secret-server.com).
  - Username (for Platform or Secret Server): Provide the username associated with your platform instance or Secret Server.
  - Password (for Platform or Secret Server): Provide the password for the user associated with your platform instance or Secret Server.
  - Deployed application lib folder path: Provide the deployed application lib folder path. For example, if you are using JBoss Server, enter JBOSS-HOME/modules/com/delinea/main, where JBOSS-HOME is the path of the JBoss installation folder on your machine.
  - Use Delinea Credentials Cache:
    - y = set to y if you are integrating directly with Secret Server, and set baseURL to the Delinea Credential Cache URL.
    - n = set to n if you are integrating with the Delinea Platform. No baseURL entry is needed.
    To learn more about Delinea Credentials Cache, click here.
  - Encryption Key Rotation: When using the new encryption mode, if a key already exists in the hidden folder, you are asked whether you want to rotate the encryption key. If you choose to rotate the key, you must run the SetupUtility again for each application deployment on web servers. The options are:
    - Yes: Enable encryption key rotation to further secure the communication between your Delinea Platform or Secret Server and web servers. This process will periodically change the encryption key, ensuring enhanced security and minimizing the risk of key compromise.
    - No: Keep the existing encryption key, maintaining the current security configuration without any changes.
To run the Setup Utility, the user must have a Java environment, and the SetUpUtility.jar and Delinea-Jdbc-Proxy.jar files must be in the same location. For more information about encryption modes, click here.
The DelineaDriver.properties and Delinea-Jdbc-Proxy.jar files will be copied into the lib folder of the application.
Once the setup utility is complete, the DelineaDriver.properties file should contain:
- encryptionMode = the mode of the encryption. encryptionMode = 1 for the new encryption method and encryptionMode = 0 for the default encryption method.
- identity = Secret Server or Delinea Platform credential in an encrypted format.
- address = the Secret Server URL or the Delinea Platform URL.
- baseURL = the Delinea Credential Cache URL (for Secret Server only). To learn how to configure and retrieve the baseURL, click here.
- You can change only the isLogging and LoginLevel parameters for logging purposes.
- trustAllCertificate = this parameter can be set to either true or false. By default, the proxy driver does not trust all certificates. If the user trusts the certificate, set it to true.
Do not change the address and the identity parameters manually. If these need to be updated, it should be done through the SetupUtility.jar to avoid misconfigurations.
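A post-setup check of the DelineaDriver.properties contents described above, as an added example that is not part of Delinea's tooling or documentation. The key names are the ones listed on this page; the key=value file layout, the Java-style escaping of colons, and the rule that address and baseURL should be https URLs are assumptions, and the sample file contents are constructed.

```python
# Added example: audits DelineaDriver.properties text against the page's description.
# Key names come from the page; the key=value layout, Java-style "\:" escaping
# and the https-only rule are assumptions. Sample values are constructed.
REQUIRED = ("encryptionMode", "identity", "address")

def parse_properties(text):
    """Minimal .properties reader: key=value or key:value, # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                value = line[i + 1:].strip()
                # java.util.Properties.store() writes ':' and '=' as '\:' and '\='
                props[line[:i].strip()] = value.replace("\\:", ":").replace("\\=", "=")
                break
    return props

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    props = parse_properties(text)
    findings = [f"missing {key}" for key in REQUIRED if not props.get(key)]
    mode = props.get("encryptionMode")
    if mode is not None and mode not in ("0", "1"):
        findings.append(f"encryptionMode must be 0 or 1, got {mode!r}")
    if props.get("trustAllCertificate", "false").lower() == "true":
        findings.append("trustAllCertificate=true: all certificates are trusted")
    for key in ("address", "baseURL"):
        url = props.get(key)
        if url and not url.lower().startswith("https://"):
            findings.append(f"{key} is not an https URL: {url}")
    return findings

SAMPLE_OK = """\
encryptionMode=1
identity=CONSTRUCTED_ENCRYPTED_PLACEHOLDER
address=https\\://your-secret-server.com
trustAllCertificate=false
"""
SAMPLE_BAD = """\
encryptionMode = 2
address = http://your-secret-server.com
trustAllCertificate = true
"""
if __name__ == "__main__":
    for name, text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, audit(text) or "no findings")
```

The check reads the file only; any change to address or identity still goes through SetupUtility.jar as stated above.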