c-treeACE Server supports a master key file in which the advanced encryption master key can be stored. The MASTER_KEY_FILE configuration option is used to specify a local encrypted key store.
To prevent tampering with advanced encryption keys, the server configuration option ALLOW_MASTER_KEY_CHANGE must be specified to allow changing master passwords via the SECURITY API function (an administrative client-side API call). Default value: NO.
Note: The server configuration option MASTER_KEY_FILE now considers a value of NONE to indicate no master key file is in use. This option can be specified in a settings file to prevent a configuration file from using an existing master key file.