Configuring a Gateway Integration Endpoint - Encrypted Blob Storage

A gateway integration endpoint (GIEP) allows STEP to communicate with an external storage system. Once a GIEP has been created and Encrypted Blob Storage is selected, the configuration settings allow you to identify the location of the required data.

The Encrypted Blob Storage GIEP is intended to be used with an event processor running the Asset Publisher processor. When integrating with PDX, assets can be encrypted in transit using Amazon Web Services (AWS) Key Management Service (KMS).

Important: For environments using Product Data Exchange (PDX), configuration is required on your PDX system to implement AWS for asset delivery and/or AWS encryption. Contact Stibo Systems for information.

Prerequisites

Important: Prior to configuration, dropdown parameters that rely on a property are empty. To display the value(s) in the configuration dialog, log into the Self-Service UI, select the environment, and on the 'Configuration properties' tab, configure the property for your system.

Refer to the Self-Service UI 'User guide' for information about setting configuration properties, including the use of the ${CUSTOMER_SECRETS_ROOT} and ${CUSTOMER_CONFIG_ROOT} variables.

'Secret' configuration values are sensitive and are hidden in the display. This means that the actual values are not visible to users or to Stibo Systems, for example, via Admin Portal configuration lists and remote diagnostics.

Multiple entries can be added to the dropdown parameters using dynamic properties. Each configuration entry must have a unique integer or alpha identifier (indicated by [*]) as described below. When duplicate identifiers exist, only the last value is displayed in the dropdown.

Allow a few minutes for changes made in the Self-Service UI 'Configuration properties' tab to display in the workbench. Refer to the Self-Service UI topic for more information.

All encryption functionality is defined by four dynamic properties. The [Dynamic] placeholder text in each property must be replaced with the same literal text to identify the purpose of the encryption properties and to associate them with each other. The literal text is displayed in the 'Encryption Config' parameter on the GIEP configuration dialog and in the 'Encryption Configuration' parameter on the 'PDX' delivery method on an OIEP. If multiple encryption methods are required, use a separate set of properties for each method, with each set sharing its own literal text, such as 'PDXEncryption1' and 'PDXEncryption2.' In these examples, 'Dynamic' is replaced with 'PDXEncryption' literal text.

  1. Configure the AccessKeyID using the EncryptedMessage.Dynamic.AWSKMS.AccessKeyID property.

  2. Configure the AccessKeySecret using the EncryptedMessage.Dynamic.AWSKMS.AccessKeySecret property. The access key secret is hidden.

    On the 'Add configuration property value' dialog, the Value field includes the access key secret.

  3. Configure the KeyArn using the EncryptedMessage.Dynamic.AWSKMS.KeyArn property.

  4. Configure the PluginID using the EncryptedMessage.Dynamic.AWSKMS.PluginID property with the value AWSKMS.

    Important: AWSKMS is the only valid value for the PluginID property. Setting this required property associates it with the other properties that share the same dynamic value.

  5. Proxy config parameter: Proxy functionality is intended for facilitating internet access, which is always available from SaaS environments. If a proxy is necessary for your scenario, contact Stibo Systems Support.
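The following is an added example, not Stibo Systems code: a pre-flight check that groups the four properties by their dynamic text and reports incomplete or inconsistent sets before they are entered in the Self-Service UI. The function name, the dictionary input, and all sample values are constructed for illustration; the KeyArn pattern assumes the standard AWS KMS ARN layout.

```python
import re

# Property layout from the page: EncryptedMessage.<Dynamic>.AWSKMS.<Field>
PROP_RE = re.compile(r"^EncryptedMessage\.([^.]+)\.AWSKMS\.(\w+)$")
REQUIRED = ("AccessKeyID", "AccessKeySecret", "KeyArn", "PluginID")
# Assumption: KeyArn follows arn:<partition>:kms:<region>:<account>:key/<id>
KMS_ARN_RE = re.compile(r"^arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:(key|alias)/\S+$")


def check_encryption_configs(props):
    """Return {dynamic_text: [problems]}; secret values are never echoed."""
    groups = {}
    for name, value in props.items():
        m = PROP_RE.match(name)
        if m:
            groups.setdefault(m.group(1), {})[m.group(2)] = value.strip()
    report = {}
    for dynamic, fields in sorted(groups.items()):
        problems = [f"missing {f}" for f in REQUIRED if not fields.get(f)]
        if fields.get("PluginID") and fields["PluginID"] != "AWSKMS":
            problems.append("PluginID must be AWSKMS")
        if fields.get("KeyArn") and not KMS_ARN_RE.match(fields["KeyArn"]):
            problems.append("KeyArn is not a KMS key ARN")
        report[dynamic] = problems
    return report


# Constructed sample. PDXEncryption1 is complete. PDXEncryption2 has a wrong
# PluginID, a non-KMS ARN, and its secret was saved under a mistyped dynamic
# text (PDXEncryption02), so the secret is not associated with the set.
SAMPLE = {
    "EncryptedMessage.PDXEncryption1.AWSKMS.AccessKeyID": "EXAMPLE-KEY-ID-1",
    "EncryptedMessage.PDXEncryption1.AWSKMS.AccessKeySecret": "placeholder-secret-1",
    "EncryptedMessage.PDXEncryption1.AWSKMS.KeyArn":
        "arn:aws:kms:eu-west-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
    "EncryptedMessage.PDXEncryption1.AWSKMS.PluginID": "AWSKMS",
    "EncryptedMessage.PDXEncryption2.AWSKMS.AccessKeyID": "EXAMPLE-KEY-ID-2",
    "EncryptedMessage.PDXEncryption02.AWSKMS.AccessKeySecret": "placeholder-secret-2",
    "EncryptedMessage.PDXEncryption2.AWSKMS.KeyArn": "arn:aws:s3:::example-bucket",
    "EncryptedMessage.PDXEncryption2.AWSKMS.PluginID": "KMS",
}

if __name__ == "__main__":
    for dynamic, problems in check_encryption_configs(SAMPLE).items():
        print(dynamic, "OK" if not problems else "; ".join(problems))
```

A set that reports problems here would either not appear as a usable option in the 'Encryption Config' dropdown or would fail when the endpoint is used, so it is cheaper to catch before saving.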

Configuring the Gateway Integration Endpoint

Once the properties described above are configured, the values created in these properties display in the configuration dialog dropdowns. If a dropdown is empty, revisit the 'Configuration properties' tab in the Self-Service UI to correct the error. Refer to the Self-Service UI topic for more information.

  1. On the Gateway Integration Endpoint Configuration dialog, select Encrypted Blob Storage from the top dropdown.

  2. On the Blob Storage parameter, select the desired option from the second dropdown. Complete the available parameters as defined in the related topics:

    Note: While additional layers of encryption can be added in this configuration by selecting Encrypted Blob Storage from the second dropdown, consider that the same number of additional levels of decryption are required on the receiving system.

  3. On the Encryption Config parameter, select the desired option.

  4. Click Save to complete the configuration.

  5. Enable the endpoint as defined in the Running a Gateway Integration Endpoint topic.

  6. Test the connection from the gateway as follows:

    • On the Gateway Connectivity flipper, click the Check Connectivity button.

    • In the Check Connectivity dialog, in the Java Script Check Code section, add:

      gateway.checkConnectivity()

    • Click the Check Connectivity button and verify success or make the necessary corrections to connect.

Using the Gateway Integration Endpoint

Configuration of a GIEP is required to set up: