SAP Parameter rsec/securestorage/keyfile - Path to file with key for the secure storage

Parameter
rsec/securestorage/keyfile

Short text
Path to the file with the global key for thesecure storage.You can use this parameter to specify a file that contains theglobal key for the secure storage.If no value is specified, a default key is used. This is enhancedwith system-dependent data and usually provides sufficientprotection.Due to the dangers associated with using your own key (see below),you should only use this function is you require a greater thannormal degree of protection.If a value is specified, this must be the path to a file that canbe accessed from the application server. This file must contain acontinuous sequence of 48 characters from the hexadecimal characterset (0-9, A-F) at the start of the file.You can use the report RSECKEYGEN to generate a suitable key from apass phrase.If you specify only a file name, the system looks for this file inthe run directory of the application server.The first time the key is changed from the default value (defaultkey is used) to another value, the entries encrypted with thedefault key are automatically encrypted with the new key the nexttime they are accessed.If you change the global key again, entries that were created withthe old key can no longer be decrypted. This means that a migrationin transaction SECSTORE is required.For more information, see the notes in the documentation.
CAUTION
Keep a copy of the key file in a secure location. If thefile were to be lost, access to the entries in the secure storagethat were saved with this key is no longer possible. This can havesevere consequences for the entire system.

Work area
System

Parameter unit
File name

Default value
empty

Who is allowed
The customerNote that file names are platform-dependent. You should therefore becautious about using the option to make the profile parameter thesame on all servers in heterogeneous landscapes.

Limitation for db
NoneIf you change the value, the system checks whether the value meetsthe conditions listed under "Parameter Description". If this is notthe case, the system rejects the change.In this case, you can find more information in the developer tracefor the current work process.