Encrypting passwords for user roles configured in MobileFirst Server

The passwords for user roles that are configured for the MobileFirst Server can be encrypted.

Procedure

Passwords are configured in the server.env files in the package_root/mfpf-server/usr/env and package_root/mfpf-analytics/usr/env folders. Passwords should be stored in an encrypted format.

  1. You can use the securityUtility command in the Liberty profile to encode the password. Choose either XOR or AES encryption to encode the password.
  2. Copy the encrypted password to the server.env file. Example: MFPF_ADMIN_PASSWORD={xor}PjsyNjE=
  3. If you are using AES encryption and used your own encryption key instead of the default key, you must create a configuration file that contains your encryption key and add it to the usr/config directory. The Liberty server accesses the file to decrypt the password during runtime. The configuration file must have the .xml file extension and resemble the following format:
    <?xml version="1.0" encoding="UTF-8"?>
<server>
  <variable name="wlp.password.encryption.key" value="yourKey" />
</server>
Parent topic: Security configuration for IBM MobileFirst Platform Foundation on IBM Containers