Encryption
Adding encryption to your Ouvvi Tenant helps ensure the confidentiality and security of your project connection details. This is especially important if you are working with sensitive data or in a production environment.
Encryption helps to protect your data from unauthorized access or interception by encrypting it using a unique key. Only users with the correct key can decrypt and access the data, which helps to keep your data safe.
Additionally, by encrypting your connection details, you can prevent them from being exposed in plain text within your project files, which helps to protect them from potential attackers.
What kind of encryption does Ouvvi use?
Ouvvi uses the same encryption as Data Sync. When you create a new encryption key, a unique key and a self-signed X509 certificate are generated. These are used to encrypt and decrypt your data as needed.
This means that your data is protected by a strong encryption algorithm and a unique key that only you have access to. This helps to ensure that your data is secure and protected from unauthorized access.
Adding Encryption to Ouvvi
As Ouvvi shares its encryption with Data Sync, you will first need to create an encryption key to be uploaded into Ouvvi.
To create a new certificate and key for your Ouvvi instance, open Data Sync and expand the Tools menu. Then select Encryption Keys from the list.
Here you will be able to view any encryption keys you add. However, as we do not have any set up yet, we need to select the Add Key button.
Enter in the URL to your Ouvvi site and generate a new certificate and an encryption key by clicking on the corresponding buttons. If you have already generated a certificate you can select it from the dropdown rather than generate a new one.
Make sure to take note of your encryption key and keep it in a secure location.
If you lose your encryption key, you will be unable to use the credential details stored within your project files.
You will also need to add this key on any machines using the encrypted project files.
Once you have generated a certificate and an encryption key, you need to click Install Key to set your machine to use that encryption key.
This will open a window to let you know the key was installed and to make sure you have made a note of your encryption key. To continue click Close to close the window.
We can now view our newly created encryption key in the Encryption Key window. You can manage all of your stored encryption keys for Data Sync from here.
Add the Encryption Key to Ouvvi
You will now need to install the encryption key into Ouvvi. To do this, browse to your Ouvvi site and open the settings menu. Then select System Settings and click the Encryption Key button in the sub-menu.
This will open the encryption key page where we can enter the details. Start by ensuring that the certificate matches the one you generated in Data Sync, then enter the encryption key you saved earlier and click Save to install the key into Ouvvi.
The Encryption Key must be the same as the one configured in Data Sync.
If it was successful, you will now be shown the Encryption Key Installed page confirming that the key was installed into your system.
If you try to add another encryption key to the system after this has been added, you will be shown the warning message: "An EncryptionKey has already been installed, changing the Encryption key will prevent any stored secrets being read!"
We recommend not changing the key as this can break your projects.
Troubleshooting
Access Denied
If you get an error message saying that access is denied when you click Generate New Certificate, you will need to close Data Sync and reopen it as an administrator. If you have admin permissions on your machine, you can do this by right-clicking the app and choosing Run as Administrator.
Unable to Obtain Private Key
If you get the error message "Unable to obtain a Private Key from your certificate, please ensure your account has permission to read the certificate Private Key. Keyset does not exist", you will need to follow the steps below to add the user/Windows account to the certificate.
This cannot be done with Windows Groups and you will need to use the Windows Certificate Manager.
Open Manage Computer Certificates and locate the certificate. Usually this is under the Personal folder, unless you have moved it elsewhere. The certificate will be called SimegoDataSyncCert by default; however, if it has been renamed you will need to find the name it has been changed to. You may also have more than one certificate if you have generated certificates multiple times.
Right-click the certificate and go to All Tasks > Manage Private Keys, and then add the Windows User Account.
Keyset Does Not Exist
If you get the error "Keyset does not exist" when trying to install the key into Ouvvi, it is most likely that the service account does not have access to the certificate or that you are using the wrong certificate inside Ouvvi.
Wrong Certificate Used
The first thing to check is that the certificate you are using in Ouvvi matches the one you used in Data Sync when you created the key.
Please ensure that the certificate you generated or selected from the dropdown list in Data Sync matches the one selected in the dropdown in Ouvvi.
Permissions
If the service account is different to the user account that was used to create the encryption key, you will need to add the user to the certificate with full permissions.
To do this, open Manage Computer Certificates and locate the certificate. Usually this is under the Personal folder, unless you have moved it elsewhere. The certificate will be called SimegoDataSyncCert by default; however, if it has been renamed you will need to find the name it has been changed to. You may also have more than one certificate if you have generated certificates multiple times.
Right-click the certificate and go to All Tasks > Manage Private Keys, and then add the Windows User Account to the certificate.
Once the user has been added, you can go back to Ouvvi and try adding the encryption key again. This should now be added.
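A scripted check for the two permission problems above (Unable to Obtain Private Key and Keyset Does Not Exist). This PowerShell is an added example, not part of Ouvvi or Data Sync; it lists which accounts can read the private key of each matching certificate so you can confirm the right account is present on the right certificate. It assumes an elevated session, an RSA key, a certificate in the computer's Personal store matched by subject or friendly name, and a placeholder account name.

```powershell
# Added example, not Simego code: audit private-key access for the Data Sync certificate.
# Run from an elevated PowerShell session; assumes an RSA key in Cert:\LocalMachine\My.
$certName = 'SimegoDataSyncCert'     # default name given on this page
$account  = 'EXAMPLE\svc-ouvvi'      # placeholder: the account Ouvvi or Data Sync runs as

$certs = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$certName*" -or $_.FriendlyName -like "*$certName*" }
if (-not $certs) { Write-Warning "No certificate matching '$certName' in LocalMachine\My"; return }

foreach ($cert in $certs) {
    Write-Host "`n$($cert.Subject)  thumbprint=$($cert.Thumbprint)  created=$($cert.NotBefore)"
    if (-not $cert.HasPrivateKey) { Write-Warning '  No private key on this certificate'; continue }
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    } catch {
        Write-Warning "  Cannot open private key: $($_.Exception.Message)"; continue
    }
    if ($null -eq $rsa) { Write-Warning '  Key is not RSA; this check does not cover it'; continue }
    # CNG keys and legacy CSP keys expose the on-disk key file name differently.
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $keyName = $rsa.Key.UniqueName
    } else {
        $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    # Machine-level key files live in one of these two folders.
    $keyFile = @("$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName",
                 "$env:ProgramData\Microsoft\Crypto\Keys\$keyName") |
        Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $keyFile) { Write-Warning '  Key file not found in the machine key folders'; continue }

    # The ACL on the key file is what Manage Private Keys edits in the certificate manager.
    $rules = (Get-Acl -LiteralPath $keyFile).Access
    $rules | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize | Out-Host
    # Only an entry for the account itself counts here; group entries are ignored.
    $hit = $rules | Where-Object {
        $_.IdentityReference.Value -eq $account -and $_.AccessControlType -eq 'Allow' }
    if ($hit) {
        Write-Host "  $account is listed with: $($hit.FileSystemRights -join ', ')"
    } else {
        Write-Warning "  $account is not listed; add it via All Tasks > Manage Private Keys"
    }
}
```

When several certificates match, compare the thumbprint printed here with the certificate selected in Data Sync and in Ouvvi before changing any permissions.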