Encrypting passwords

Various passwords are used by the system to connect to its various components. You can encrypt these passwords and provide the encrypted passwords in the setup.cfg file.

Use the OpenSSL tool to encrypt the passwords. If OpenSSL is not installed, you can install it by running apt-get install -y openssl or the yum command.

You can encrypt the following passwords in the setup.cfg file:
  • SYSTEM_PASSPHRASE
  • DB_PASSWORD
  • JMS_PASSWORD
  • JMS_KEYSTORE_PASSWORD
  • JMS_TRUSTSTORE_PASSWORD
  • LIBERTY_KEYSTORE_PASSWORD
Important: The default key that is used for encryption is 4254514F6C6C2B594650496373422B764D66584E54673D3D. You can use your own key for the encryption. If you do not provide a key in the docker run command, the default key is used to decrypt the passwords.

To encrypt a password and use it in the setup.cfg file, complete the following steps:

  1. Encrypt the password by running the following command:
    echo <password> | openssl enc -aes-256-ecb -e -a -K <key>

    where <key> is the key for the encryption, passed with the -K option, and aes-256-ecb is the encryption algorithm. You can use the default key or your own key.

  2. Add the encrypted password to the setup.cfg file with the ENCRYPTED: prefix.

    For example, if the encrypted password is akjasdkuiukj==, then enter the password as ENCRYPTED:akjasdkuiukj==.
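
The two steps above as an added shell example, not taken from the product documentation: it generates its own 256-bit key instead of using the default key, builds the ENCRYPTED: value, and decrypts it again to confirm the round trip before the value goes into setup.cfg. The function names and the sample password are hypothetical; the openssl options are the ones from step 1, and the value is assumed to fit on one base64 line.

```shell
#!/bin/sh
# Added example; function names are hypothetical helpers, not product tooling.

# Generate a random 256-bit key as 64 hex characters, the form -K expects.
gen_key() {
    openssl rand -hex 32
}

# Step 1: encrypt a password. printf '%s\n' writes the same bytes as
# "echo <password>" (password plus newline) but never interprets
# backslashes or a leading -n, and as a shell builtin it keeps the
# password out of the process list.
encrypt_value() {   # $1 = password, $2 = hex key
    printf '%s\n' "$1" | openssl enc -aes-256-ecb -e -a -K "$2"
}

# Reverse of step 1. Command substitution by the caller strips the
# newline that echo/printf appended before encryption.
decrypt_value() {   # $1 = base64 ciphertext, $2 = hex key
    printf '%s\n' "$1" | openssl enc -aes-256-ecb -d -a -K "$2"
}

# Step 2: the value to place in setup.cfg, with the ENCRYPTED: prefix.
cfg_value() {       # $1 = password, $2 = hex key
    printf 'ENCRYPTED:%s\n' "$(encrypt_value "$1" "$2")"
}

# Check that a setup.cfg value decrypts to the expected password with
# the key that will be supplied in the docker run command.
verify_value() {    # $1 = cfg value, $2 = hex key, $3 = expected password
    case "$1" in
        ENCRYPTED:*) [ "$(decrypt_value "${1#ENCRYPTED:}" "$2")" = "$3" ] ;;
        *) return 1 ;;
    esac
}

# Constructed sample password, for demonstration only.
key=$(gen_key)
value=$(cfg_value 'Example-Passw0rd' "$key")
verify_value "$value" "$key" 'Example-Passw0rd' && echo "$value"
```

Because ECB with a fixed key uses no salt or IV, encrypting the same password twice with the same key yields the same ENCRYPTED: value.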

After successful installation, the passwords are encrypted and stored in the sandbox.cfg file. All the passwords except the SYSTEM_PASSPHRASE are encrypted. Passwords in sandbox.cfg are encrypted even if you do not provide an encrypted password in setup.cfg.