Howto: Change the Master Encryption Key Storage Directory in RSA Identity Governance and Lifecycle (IGL)
Originally Published: 2018-03-22
Article Number
Applies To
RSA Version/Condition: 7.0.1 and higher
Issue
Resolution
Wildfly Standalone (non-clustered) hardware or software appliance
Modify /home/oracle/wildlfy/standalone/configuration/aveksa-standalone-full.xml and adjust the property in this section:<system-properties>
<propertyname="jboss.bind.address.management"value="0.0.0.0"/>
<propertyname="rsavialg.security.keydir"value="/home/oracle/security"/>
</system-properties>
Wildfly Clustered hardware or software appliance
Modify /home/oracle/wildfly/domain/configuration/domain.xml and adjust the property in this section:<system-properties>
<propertyname="java.net.preferIPv4Stack"value="true"/>
<propertyname="rsavialg.security.keydir"value="/home/oracle/security"/>
</system-properties>
Websphere, Standalone or Clustered
In the Admin console for WebSphere:- Select the server: Servers -> Server types -> WebSphere application servers -> Select server.
- Choose the server used for RSA IGL.
- Under the Configuration tab, select Server Infrastructure -> Java and Process Management -> Process Definition.
- Under Additional Properties, select Java Virtual Machine -> Custom Properties.
- Select New. Name:rsavialg.security.keydir, Value:<directory path for master encryption key>
(Standalone) rsavialg.security.keydir=<directory path for the master encryption key>
(Cluster) rsavialg.security.keydir=<server and directory path for the master encryption key>
Weblogic, Standalone or Clustered
There are two common methods used by WebLogic Installations for setting JVM arguments. These methods may not map to your environment if you use custom scripts for starting a WebLogic application server instance. Consult the WebLogic administrator on how the JVM settings are set for your given environment.Edit the WebLogin Domain startup enviroments script
This is typically done on a standalone system and would be required if using the AdminServer as the instance where you are deploying RSA IGL. Edit the setDomainEnv.sh file for the domain in which you will be deploying the RSA IGL application.For example, from $WEBLOGIC_HOME/user_projects/domains/<domain_name>/bin, add the following settings to the beginning of the setDomainEnv script, where WL_HOME is set.
JAVA_OPTIONS="$JAVA_OPTIONS-Drsavialg.security.keydir=<directory path for the master encryption key>" export JAVA_OPTIONS
Specify JVM arguments within the Admin Console for a server instance
This is typically used if tour servers are managed via NodeManager. From the Admin Console:- Environment -> Servers -> Select server
- Configuration tab -> Server Start tab
- Add the startup setting -Drsavialg.security.keydir=<directory path for the master encryption key> to the Arguments field.
Notes
Anytime that you change the value of the Java system property after the keys have already been created (meaning after you configured the property and brought the system back up), you must bring down the system and move the keys to the new location before bringing up the system again.
Related Articles
"ORA-00020: maximum number of processes (500) exceeded" when attempting to connect to the Oracle Database on IGL Number of Views RSA Governance & Lifecycle Recipes: Generating Coverage Files from Reports Number of Views Getting the error message "Unable to start service ReportService. java.lang.NoClassDefFoundError: Could not initialize cla… Number of Views Not enough storage is available to complete this operation Number of Views AFX Connector Stays in Stopped state Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
