Encrypting Passwords

You can encrypt the passwords used by the system to connect to its components, and provide the encrypted passwords during secret creation.

Before you begin

Use the OpenSSL tool to encrypt the passwords. If OpenSSL is not installed, install it by running apt-get install -y openssl or the equivalent yum command.

About this task

You can encrypt the following passwords in the app-secrets.yaml file:
  • SYSTEM_PASSPHRASE
  • DB_PASSWORD
  • JMS_PASSWORD
  • JMS_KEYSTORE_PASSWORD
  • JMS_TRUSTSTORE_PASSWORD
  • LIBERTY_KEYSTORE_PASSWORD
Important: The default key that is used for encryption is 4254514F6C6C2B594650496373422B764D66584E54673D3D. You can use your own key for the encryption. If you do not provide a key in values.yaml, the default key is used to decrypt the passwords.

Procedure

To encrypt the password and use it as a secret, complete the following steps:

  1. Encrypt the password by running the command:
    echo <password> | openssl enc -aes-256-ecb -e -a -K <key>
    where:
    • -K is the key for the encryption, given as a hexadecimal string. You can use the default key or your own key.
    • aes-256-ecb is the encryption algorithm.
  2. Provide the encrypted password with the ENCRYPTED: prefix during secret creation or in the app-secrets.yaml file, and then apply it.
    For example, if the encrypted password is akjasdkuiukj==, then enter the password as:
    ENCRYPTED:akjasdkuiukj==
  3. Provide the encryption key in the setupCfg section of values.yaml:
    setupCfg.key: <Encryption Key>
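
The three steps above as a shell script, added here as an illustration and not taken from the product. The function names key_warnings, encrypt_secret and decrypt_secret are hypothetical, and the sample password and generated key are constructed. The script also flags a key that is the documented default or shorter than the 64 hex digits AES-256 uses.

```sh
#!/bin/sh
# Added example, not product code; function names are hypothetical.
DEFAULT_KEY=4254514F6C6C2B594650496373422B764D66584E54673D3D  # default key quoted on this page

# Print one line per weakness in a -K value; print nothing for a sound key.
key_warnings() {
  case $1 in
    ''|*[!0-9A-Fa-f]*) echo "key is not a hex string"; return 0 ;;
  esac
  [ "${#1}" -eq 64 ] ||
    echo "key has ${#1} hex digits; AES-256 takes 64 and openssl zero-pads a shorter -K"
  [ "$(printf '%s' "$1" | tr abcdef ABCDEF)" != "$DEFAULT_KEY" ] ||
    echo "key is the documented default; set your own in setupCfg.key"
}

# Steps 1 and 2: the procedure's command, with the ENCRYPTED: prefix added.
# printf '%s\n' emits the same bytes as echo (password plus newline) but is
# safe for passwords that contain backslashes or start with a dash.
# tr joins the 64-column lines that -a produces for long passwords.
encrypt_secret() {
  b64=$(printf '%s\n' "$1" | openssl enc -aes-256-ecb -e -a -K "$2" | tr -d '\n')
  [ -n "$b64" ] && printf 'ENCRYPTED:%s\n' "$b64"
}

# Round-trip check before applying the secret: the stored value must decrypt
# under the key that goes into setupCfg.key.
decrypt_secret() {
  case $1 in
    ENCRYPTED:*) ;;
    *) echo "missing ENCRYPTED: prefix" >&2; return 1 ;;
  esac
  printf '%s\n' "${1#ENCRYPTED:}" | fold -w 64 |
    openssl enc -aes-256-ecb -d -a -K "$2"
}

# Demo with constructed inputs: a fresh 256-bit key and a sample password.
KEY=$(openssl rand -hex 32)
VALUE=$(encrypt_secret 'S3cr3t-Example' "$KEY")
key_warnings "$KEY"
echo "secret value: $VALUE"
echo "setupCfg.key: $KEY"
[ "$(decrypt_secret "$VALUE" "$KEY")" = 'S3cr3t-Example' ] && echo "round trip OK"
```

AES-256-ECB with a fixed key is deterministic, so two secrets that hold the same password produce the same ENCRYPTED: value. Anyone who holds the key can decrypt the stored values, so the key in values.yaml needs the same protection as the passwords themselves.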