Activating Secure Storage in the File System

Use

The SAP J2EE Engine stores the database user SAP<SID>DB, its password, and other database connection information as well as information for the user Administrator and its password in the file \usr\sap\<SID>\SYS\global\security\data\SecStore.properties in the file system. This file is created during the installation process. Because the SAP Java Cryptography Toolkit is not provided with the installation, this information is initially stored using base 64 encoding. It is not encrypted.

Use the procedure below to activate secure storage in the file system and encrypt this data.

Caution

The file SecStore.properties must remain consistent. Do not edit this file manually! Otherwise, the SAP J2EE Engine will not be able to start properly.

Note

Secure storage in the file system is only used for the database connection information and the information for the user Administrator. There is also a secure storage area in the database that you can use to securely store application-specific data. For more information, see Secure Storage for Application-Specific Data.

Prerequisites

The SAP Java Cryptography Toolkit is deployed on the SAP J2EE Engine. For more information, see Deploying the SAP Java Cryptographic Toolkit.

Procedure

       1.      Start the Config Tool. (Execute <SAPj2eeEngine_install_dir>\configtool\configtool.bat.)

       2.      Select secure store.

The configuration for the secure storage in the file system appears.

       3.      Initially after the SAP J2EE Engine installation, the data stored in the file is encoded using base 64 encoding and not encrypted. To activate secure storage and encrypt the data, choose Encrypt Store.

       4.      Enter a key phrase. The SAP J2EE Engine uses this phrase to generate the key that will be used to encrypt the data.

Recommendation

The uniqueness of the phrase you use contributes to the uniqueness of the resulting key. Therefore, we recommend you use a long key phrase that cannot easily be guessed. Use both upper and lower case letters in the phrase and include special characters.

       5.      Confirm with OK.

       6.      Save the configuration.

Result

The file SecStore.key is created. This file contains the key that is used to encrypt the data. The database connection information and the Administrator’s user information (including the password) are stored in the file SecStore.properties.
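The Use section states that the file initially holds base 64 encoded values that are not encrypted. As an added example (not SAP code), the following Python check reports which entries of a properties-style file are still in that state, without returning or printing their values. The key names, the key=value layout and the sample data are assumptions constructed for illustration, and the test is a heuristic: a value counts as "encoded only" when it decodes to printable text.

```python
import base64
import binascii

def decodes_to_text(value: str) -> bool:
    """True if value is strict base64 whose decoded bytes are printable text."""
    try:
        raw = base64.b64decode(value, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return False
    return bool(text) and text.isprintable()

def audit_store(properties_text: str) -> list[str]:
    """Return keys whose values are only base64-encoded; values are never returned."""
    flagged = []
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Java's Properties.store writes '=' in values as '\='; base64 has no backslash.
        if decodes_to_text(value.strip().replace("\\", "")):
            flagged.append(key.strip())
    return flagged

def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")

# Constructed samples. The key names and key=value layout are assumptions made
# for illustration; the page does not show the real file's contents.
SAMPLE_ENCODED = "\n".join([
    "# constructed: state right after installation",
    "db/user=" + _b64(b"SAPXYZDB"),
    "db/password=" + _b64(b"Constructed-Pw-1"),
    "admin/password=" + _b64(b"Constructed-Pw-2"),
])
# Fixed non-text bytes standing in for ciphertext (constructed, not real output).
_CIPHER = bytes.fromhex("9f02e17c00b4d3a85566f0019ac4e2b7")
SAMPLE_ENCRYPTED = "\n".join([
    "# constructed: state after Encrypt Store",
    "db/user=" + _b64(_CIPHER),
    "db/password=" + _b64(_CIPHER[::-1]),
])

if __name__ == "__main__":
    for key in audit_store(SAMPLE_ENCODED):
        print("base64 only, not encrypted:", key)
```

Run it against a read-only copy of the file; an empty result is consistent with the store having been encrypted, while any listed key is still recoverable by simple decoding.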

Note

To change the key phrase and re-encrypt the data, for example, if you think the key has been compromised, use the option Change Key Phrase. Enter a new key phrase and save the data.

Caution

If you change the administrator’s password at a later time, then you also have to update the password in secure storage. See Changing the Administrator's Password and Updating it in Secure Storage.
