mqiptPW (encrypt stored password)

Encrypt a password for use by IBM® MQ Internet Pass-Thru (MQIPT).

Purpose

Use the mqiptPW command to encrypt a password that is stored for use by MQIPT.

The MQIPT configuration might include passwords to access various resources, as well as the MQIPT access password for administration using the command port. All passwords that are specified in the MQIPT configuration should be protected by encrypting the password with the mqiptPW command.

Syntax

Use this syntax to call the mqiptPW command to encrypt any password for use by MQIPT in IBM MQ 9.1.5 or higher. Store the encrypted password in the appropriate property in the mqipt.conf configuration file.

The command prompts for the password to be encrypted to be entered.

Read syntax diagramSkip visual syntax diagram mqiptPW -sfencryption_key_file-spprotection_mode-sm

Optional parameters

-sf encryption_key_file
The name of a file that contains the password encryption key. If specified, the file must contain at least one character, and only one line.
If this parameter is not specified, the default password encryption key is used.
This parameter can be specified only with password protection mode 1 or higher.
CAUTION:
The default encryption key is the same for all MQIPT installations. To protect passwords securely, supply an encryption key that is unique to your installation.
-sp protection_mode
The password protection mode that is used by the command. One of the following values can be specified:
2
Use the latest password protection mode. This is the default value.
1
Use the IBM MQ 9.1.5 password protection mode for compatibility with versions earlier than IBM MQ 9.3.0.
0
[Deprecated]Use the deprecated password protection mode.
[MQ 9.4.4 Oct 2025]-sm
Encrypts passwords using a FIPS compliant cryptographic library.
You cannot use this parameter with the -sp parameter set to 0.

Deprecated syntax to encrypt key ring passwords

Use this syntax to call the mqiptPW command to encrypt a key ring password. The encrypted password is stored in file which can be read by any version of MQIPT. [Deprecated]This syntax is deprecated from IBM MQ 9.1.5 as it does not offer the most secure encryption method.

Read syntax diagramSkip visual syntax diagram mqiptPW passwordfile_name-replace
[Deprecated]

Parameters for deprecated syntax

password
The clear text password to encrypt. Passwords can include the space character, but the whole password string must be enclosed in quotes for this to be acceptable. There is no limit to the length or format of the password.
file_name
The name of a file to create, to contain the encrypted password.
-replace
Overwrite an existing password file with the same name, if it exists. This parameter is optional.

Return codes

Table 1. Return code identifiers and descriptions
Return code Description
0 Command successful.
>0 Command not successful.