Running the Security Utility

Prerequisite

Configure the files that are present in your Mount directory. For more information, see Configuring the files in Mount directory.

Running the Security Utility

Docker:

docker run --name="<container name>" -it -v <path to mount files>:/opt/IBM/Resources <image name>:<version> /bin/bash /opt/IBM/securityUtility.sh <mode> <password>

Podman:

podman run --name="<container name>" -it -v <path to mount files>:/opt/IBM/Resources:z <image name>:<version> /bin/bash /opt/IBM/securityUtility.sh <mode> <password>

Where,

<container name> is the user-defined container name.
If you want to reuse the container name, remove the container using the command:
- Docker:
```
docker rm <container name>
```
- Podman:
```
podman rm <container name>
```
If not, you can rename the container.
<path to mount files> is the absolute path of the directory where the mount files are extracted. For more information on the contents of the mount directory, see Mount directory structure.
<mode> is the encode/decode mode of the utility. Either encode or decode should be passed as the first parameter while running the utility.
- If encode is passed to the utility, it encodes the plain text password and prints it to the console in Base64 format.
- If decode is passed to the utility, it decodes the encrypted password and prints it to the console in plain text format.
<password> is the password input to be encrypted/decrypted .
- In encode mode, enter the plain text password to be encrypted.
- In decode mode, enter the encrypted password to be decrypted.

Note: To remove the container after it has finished running, add --rm to the docker/podman command.

Important: It is recommended to use --rm docker/podman command to avoid security breaches of passwords from the command history.

Sample run command

Run the following command to encrypt the password:

Docker:

docker run --name=securityUtil --rm -it  -v /home/PEM_Install/MountFiles:/opt/IBM/Resources registry.ng.bluemix.net/gold/pem:6.2.2 /bin/bash /opt/IBM/securityUtility.sh encode password

Podman:

podman run --name=securityUtil --rm -it  -v /home/PEM_Install/MountFiles:/opt/IBM/Resources registry.ng.bluemix.net/gold/pem:6.2.2 /bin/bash /opt/IBM/securityUtility.sh encode password

Run the following command to decrypt password:

Docker:

docker run --name=securityUtil --rm -it  -v /home/PEM_Install/MountFiles:/opt/IBM/Resources registry.ng.bluemix.net/gold/pem:6.2.2 /bin/bash /opt/IBM/securityUtility.sh decode {enc}SJfFX+tTRU/zPfpKWt9i5g==

Podman:

podman run --name=securityUtil --rm -it  -v /home/PEM_Install/MountFiles:/opt/IBM/Resources registry.ng.bluemix.net/gold/pem:6.2.2 /bin/bash /opt/IBM/securityUtility.sh decode {enc}SJfFX+tTRU/zPfpKWt9i5g==

Note: If the passphrase text in the passphrase.txt file changes, all passwords encrypted with the old passphrase must be re-encrypted one by one after the new passphrase is added to the passphrase.txt file.

Verifying the Docker/Podman run command

Check for errors in the console output to ensure the docker/podman run command is successful.

When you run the Security Utility in encode mode, the console will display the encrypted password in Base64 format:
```
{enc}<encrypted password in base64>
```
Example:
```
{enc}SJfFX+tTRU/zPfpKWt9i5g==
```
When you run the Security Utility in decode mode, the console will display the decrypted password in plain text format:
```
<password>
```