![[Windows]](ngwin.gif)
Encrypting a parameter file
If the DOMAINNAME, USERNAME, and PASSWORD values in the [Services] stanza of a parameter
file are not already encrypted, you can encrypt them by running the setmqipw
utility.
About this task
Use the setmqipw utility to encrypt the DOMAINNAME, USERNAME, and PASSWORD
values in the [Services] stanza of a parameter file, if they are not already encrypted. (These
values might be encrypted if you have run the utility before.) setmqipw will also
encrypt the QMGRPASSWORD and CLIENTPASSWORD values in the [SSLMigration] stanza of a parameter file.
This encryption means that, if you need a special domain account to configure IBM® MQ (see Configuring IBM MQ with the Prepare IBM MQ Wizard and Creating and setting up Windows domain accounts for IBM MQ), or you need to keep key database passwords secret, details are kept secure. Otherwise, these values, including the domain account password, flow across the network as clear text. You do not have to use this utility, but it is useful if security in your network is an issue.
To run the script:Procedure
Results
If you view the resulting parameter file, the encrypted values start with the string
mqm*. Do not use this prefix for any other values; passwords or names that begin
with this prefix are not supported.
setmqipw.log, in the current directory. This
file contains messages related to the encryption process. When encryption is successful, messages
are similar to:
Encryption complete
Configuration file closed
Processing complete
What to do next
After you encrypt the parameter file, you can use it in the normal way with the
MQParms command (see Installing the server using the MQParms command ).