Process to Re-encrypt the Doc Header Content Field and the Maintenance Document Content Field.

Overview

The Kuali database contains 3 tables that each have a field of type CLOB, where the CLOB contains encrypted XML content. These tables are:

            KR schema: KREW_DOC_HDR_CNTNT_T

            KR schema: KRNS_MAINT_DOC_T

            KFS schema: KRNS_MAINT_DOC_T

Note that the KRNS_MAINT_DOC_T table in the KR schema is relatively small, but is included here for completeness.

The KREW_DOC_HDR_CNTNT_T table in the KR schema and the KRNS_MAINT_DOC_T in the KFS schema are very large and each contain an encrypted column. The re-encryption process is too time-consuming to process the entire table every time we refresh a database. Therefore, re-encryption is performed for this data with a date range after the data refresh process completes.

Details

Four date parameters must be set prior to running the post encryption process.  The date format is MM/dd/yyyy.

• KFSSYS | RiceKewPostEncryptionStep | ENCRYPTION_FROM_DATE
• KFSSYS | RiceKewPostEncryptionStep | ENCRYPTION_TO_DATE
• KFSSYS | KfsMaintenancePostEncryptionStep | ENCRYPTION_FROM_DATE
• KFSSYS | KfsMaintenancePostEncryptionStep | ENCRYPTION_TO_DATE

The from date should be set to 06/20/2012 if you’d like to do everything, as this is the start of all data in the system.

There are three jobs to run after the parameters are set:

1. riceMaintenancePostEncryptionJob – no parameters, small table of 600 rows (should finish within minutes)
2. kfsMaintenancePostEncryptionJob – has parameters, table of 100k rows but very LARGE data (one month takes approximately 5 minutes)
3. riceKewPostEncryptionJob – has parameters, table of 1million rows but small data (one month takes approximately 4 minutes)

Troubleshooting

All jobs must be run as an admin, such as BTP98001

Running the process on data that has already been re-encrypted should be fine.  It will give a warning about unable to encrypt but
should complete with no error.