Content Server Manual / Version 2406.0

3.13.2.12 Password Property Encryption

To encrypt passwords stored in property files, you can use an encryption service. To configure an encryption service, consult Chapter 4, Encryption Service Setup, in the Deployment Manual.

Password Encryption

For each password you want to encrypt take the following steps:

  1. Log in as a user who can access the keystore and password file. Switch to the installation directory of the command line tools and enter the following command, where <plaintextpassword> should be replaced with the password you want to encrypt:

bin/cm encryptpasswordproperty <plaintextpassword>
  2. The command output is the encrypted password (which includes the curly brackets!) and some informational text. Use the -r option (bin/cm encryptpasswordproperty -r <plaintextpassword>) to have the tool just dump out the encrypted password without other information.

Note

The tool will generate a unique value for the same plain text value each time you invoke it.

  3. Copy the password (including the curly brackets) into your respective properties file. You can append a comment after the closing curly bracket to add information. For example:

sql.store.password={G/7UZ7hPQnGZ/xX4J/7b8FNp/ybEH/JU
Qp5c8NRoDEQSlK5ypbkwotfu6j8U1SHr
QifmKeAQUvou/+ES34/pRHs=} --- generated by User xxx on 28/03/2013

Verify a password

If you want to verify that a given encrypted password actually represents a given plaintext password, use

cm encryptpasswordproperty -c <plaintext password> <encrypted entry>

where <plaintext password> should be replaced with the password and <encrypted entry> with the result of the encryption tool. The command reports in its text output whether these passwords match. It exits with return value "0" regardless of whether the tokens match, so the result has to be read from the output and not from the exit code.

Troubleshooting

The encryption service must not only be configured for the encryptpasswordproperty tool, but also for every app using the encrypted password, for instance schemaaccess.

View the respective app log file. If an encrypted password cannot be decrypted, you will see an error message in your log file telling you so. Since password decryption is verified early on (fail fast), you will find the error messages shortly after the component, service, or server starts.
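
A check that password entries in a properties file carry the encrypted {...} form described under Password Encryption, so a leftover plaintext value or a mangled entry is found before the app starts and fails decryption. This is an added example, not part of the manual or the product; the function names, the rule that keys containing "password" hold passwords, the one-entry-per-line layout and the Base64 test are assumptions.

```shell
#!/bin/sh
# Added example, not part of the manual. Assumptions: keys containing
# "password" hold passwords, each entry sits on one physical line, and the
# text between the curly brackets is Base64.

# audit_password_props FILE
# Prints "LINE:KEY" for every non-empty password value that is not an
# encrypted {...} entry; exit status 1 if anything was printed.
audit_password_props() {
    awk '
        /^[ \t]*[#!]/ || !/[=:]/ { next }   # comment lines, lines without a separator
        {
            key = $0
            sub(/[ \t]*[=:].*/, "", key)    # drop separator and value
            sub(/^[ \t]+/, "", key)
            if (tolower(key) !~ /password/) next

            val = $0
            sub(/^[^=:]*[=:][ \t]*/, "", val)
            if (val == "") next             # nothing stored, nothing to leak

            # Accepted: {Base64}, optionally followed by a free-text comment.
            if (val !~ "^[{][A-Za-z0-9+/]+=*[}]") {
                print NR ":" key
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample file (keys and values are made up, not real tool output).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
sql.store.driver=com.example.Driver
sql.store.password={Q09OU1RSVUNURUQtU0FNUExF} --- generated by User xxx
repository.password = hunter2
ldap.bind.Password:{not base64!}
mail.password=
EOF
}
```

Run audit_password_props over each properties file before starting the app; a non-zero exit status means at least one entry still has to go through encryptpasswordproperty.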
