Running the Security Utility
Prerequisite
- Configure the files that are present in your Mount directory. For more information, see Configuring the files in Mount directory.
Running the Security Utility
Run the following docker command:
docker run --name="<container name>" -it -v <path to mount files>:/opt/IBM/Resources <image name>:<version> /bin/bash /opt/IBM/securityUtility.sh <mode> <password>
Where,
- <container name> is the user-defined container name. If you want to reuse the container name, remove the container using the command:
  docker rm <container name>
  If not, you can rename the container.
- <path to mount files> is the absolute path of the directory where the mount files are extracted. For more information on the contents of the mount directory, see Mount directory structure.
- <mode> is the encode/decode mode of the utility. Either encode or decode should be passed as the first parameter while running the utility.
  - If encode is passed to the utility, it encodes the plain text password and prints it to the console in Base64 format.
  - If decode is passed to the utility, it decodes the encrypted password and prints it to the console in plain text format.
- <password> is the password input to be encrypted/decrypted.
  - In encode mode, enter the plain text password to be encrypted.
  - In decode mode, enter the encrypted password to be decrypted.
Note: To remove the container after it has finished running, add --rm to the docker command.
Important: It is recommended to add --rm to the docker command to avoid exposing passwords through the command history.
Sample run command
- Run the following command to encrypt the password:
  docker run --name=securityUtil --rm -it -v /home/PEM_Install/MountFiles:/opt/IBM/Resources registry.ng.bluemix.net/gold/pem:6.2.2 /bin/bash /opt/IBM/securityUtility.sh encode password
- Run the following command to decrypt the password:
  docker run --name=securityUtil --rm -it -v /home/PEM_Install/MountFiles:/opt/IBM/Resources registry.ng.bluemix.net/gold/pem:6.2.2 /bin/bash /opt/IBM/securityUtility.sh decode {enc}SJfFX+tTRU/zPfpKWt9i5g==
Note: If the passphrase text in the passphrase.txt file changes, all passwords encrypted with the old passphrase must be re-encrypted one by one after the new passphrase is added to the passphrase.txt file.
Verifying the Docker run command
Check for errors in the console output to ensure the docker run command is successful.
- When you run the Security Utility in encode mode, the console will display the encrypted password in Base64 format:
  Example:
  {enc}<encrypted password in base64>
  {enc}SJfFX+tTRU/zPfpKWt9i5g==
- When you run the Security Utility in decode mode, the console will display the decrypted password in plain text format:
  <password>
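One way to automate the console check for an encode run, as an added example that is not IBM's code: it pulls the {enc} value out of captured console output and rejects anything that is not {enc} followed by padded Base64. The function names, and the assumption that the utility prints the value on a line of its own, belong to this example and not to the product.

```shell
#!/bin/sh
# Added example (not part of the product): validate captured console output
# from an encode run before the value is copied into a configuration file.
# Assumption: success prints one line of the form {enc}<padded Base64>,
# matching the sample shown on this page.

# is_enc_value VALUE: succeed only if VALUE is "{enc}" plus well-formed Base64.
is_enc_value() {
    prefix='{enc}'
    case "$1" in
        "$prefix"?*) payload=${1#"$prefix"} ;;
        *) return 1 ;;                      # missing prefix or empty payload
    esac
    # Padded Base64 always has a length that is a multiple of 4.
    [ $(( ${#payload} % 4 )) -eq 0 ] || return 1
    # Base64 alphabet only, with at most two '=' and only at the end.
    printf '%s\n' "$payload" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'
}

# extract_enc_value: read console output on stdin and print the {enc} value.
# Fails when the output holds no valid value, or more than one.
extract_enc_value() {
    # "docker run -t" ends each line with CR LF; drop the carriage returns.
    cleaned=$(tr -d '\r')
    found=''
    count=0
    while IFS= read -r line; do
        if is_enc_value "$line"; then
            found=$line
            count=$((count + 1))
        fi
    done <<EOF
$cleaned
EOF
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$found"
}

# Constructed console output; the {enc} value is the sample from this page.
printf 'constructed log line\r\n{enc}SJfFX+tTRU/zPfpKWt9i5g==\r\n' | extract_enc_value
```

A non-zero exit from extract_enc_value means the run printed an error or a truncated value, so the output should be read by hand before anything is stored.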