Finding sensitive data and data spills in global configurations and components

To find data spills or sensitive data in global configurations and components, run the repotools-gc dumpArtifacts command and then search its output. If the sensitive data must be deleted, you can then scrub the items.

Before you begin

Important: This command writes only global components and configurations into the server file system. Ask a JazzAdmin user or other IBM® Engineering Lifecycle Management (ELM) project area administrators to check for and remove sensitive data in other ELM applications.
  • This command adds significant load to the server and can take a long time to run.
  • You can also run this command to see the dump jobs that were initiated since the last server restart.

Procedure

  1. Ask a user with JazzAdmin repository privileges to run the dumpArtifacts command. This command dumps the global configurations and components of all the Global Configuration Management (GCM) project areas into a directory on the server. To dump those items for only one project area, include the projectArea parameter.
    repotools-gc -dumpArtifacts adminUserId=userId adminPassword=password dumpDirectory=dumpDirectory [projectArea=projectAreaName]

    For details, see the related topic about this command.

    The system creates a folder for each project area and subfolders for the project area's components, configurations, and if they exist, attributes, data types, and link types. Examine the output in the subfolders to discover the URLs of the items. See the examples.

  2. Find the data to delete.
    • If you don't know which data is sensitive: For each project area, give the command output to a team member to search. Your task is now complete, and you can skip the rest of the steps.
    • If you know which data is sensitive and should be deleted:
      1. Use file system search tools (such as grep) to find occurrences of the sensitive text.
        Tip:
        • Include encoded characters in your search: project area names might have encoded characters, for example, "Team1+Engine+Project", "Team1%60s+Engine+Project", and so on.
        • Search recursively.
      2. In each file that contains the search string, find the URL of the component or configuration, which is typically the top-level URL above where you found the string. See the examples.
        Tip: Consider copying the URLs into a text file.
      3. Give the text file that contains the URLs to a team member assigned the GCM Administrator role, who then decides which items to scrub.

Example

Your organization is working on a new car named "Super Car", which is now considered a secret name. Components and configurations that mention this name must be scrubbed so that all the sensitive data is deleted.
  1. Ask a user with JazzAdmin repository privileges to run the dumpArtifacts command.
  2. Search the command output recursively for the string "Super Car". You find the string in several files. Open those files and find the URLs of the items, as shown in these examples.
    Code fragment that identifies the URL of the component that contains the sensitive data
    Code fragment that identifies the URL of the configuration that contains the sensitive data
  3. Consider creating a text file that contains the URLs of the items that contain the string "Super Car". With the URLs in one file, it's easier to open many components and configurations.

What to do next

To remove sensitive data from global components and configurations:
  1. Copy each identified URL into a browser. This action requires the GCM Administrator role.
  2. If the sensitive data must be deleted, scrub the item. For details about the Scrub commands and to see what is deleted, see the related task.

Ask a JazzAdmin user or other ELM project area administrators to check for and remove sensitive data in the other ELM applications. In the related topic about ELM security considerations, see the section about deleting sensitive data and its links to procedures for other ELM applications.


video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net
Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki