Encrypting Passwords for Configuration Files

Encrypt passwords within project configuration (CCR) files, adapter CNXML files, and database service configuration files using the esp_cluster_admin utility to avoid displaying sensitive data in plain text.

Prerequisites

Configure and start your cluster.

Task

Modify the adapter .cnxml and the database service configuration file only during project environment setup.

  1. Use a text editor to open the desired configuration file:

    In the local (Studio) cluster: <user's-home-dir>/SybaseESP/5.1/workspace/<project-name>/<project-name>.ccr

    ESP_HOME/lib/adapters/<adapter>.cnxml

    ESP_HOME/bin/service.xml

  2. Within the configuration file, copy the password text you want to encrypt.
    In the following sample configuration file, the password is "Pass1234".
    <?xml version="1.0" ?>
      <Services>
        <Service Name="MyDBService" Type="DB">
          <Parameter Name="DriverType">JDBCASE</Parameter>
          <Parameter Name="Host">localhost</Parameter>
          <Parameter Name="Port">5000</Parameter>
          <Parameter Name="User">testID</Parameter>
          <Parameter Name="Password" encrypted="false">Pass1234</Parameter>
        </Service>
      </Services>
  3. From a command line, navigate to ESP_HOME/bin and launch the esp_cluster_admin utility using the --encrypt_text command. This command requires host and port information as well as credentials for the ESP server. For example, where <Pass1234> is the password you want to encrypt, the syntax is:
    esp_cluster_admin --uri=esp[s]://<host>:<port> --username=<username> --password=<password> --encrypt_text --text=<Pass1234>
    Note: If you omit the password parameter when you call the esp_cluster_admin tool, Event Stream Processor prompts you for the password and hides it as you type, which improves security.
    The esp_cluster_admin utility writes the encrypted password to the display.
  4. Copy and paste the encrypted text from the utility into the configuration file you opened in step 1. Replace the original password in the Password parameter with the encrypted text.
  5. Change the encrypted="false" attribute for the Password parameter to encrypted="true".
    The encrypted attribute ensures that the server recognizes the password as encrypted text and decrypts it at runtime. If the attribute is set to false, the server does not recognize the password as encrypted text and tries to process the password without decrypting it, resulting in errors.
  6. Save and close the configuration file.
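
After completing steps 4 and 5, you can check that no password was left in plain text. The following is an added example, not part of the product documentation or the esp_cluster_admin utility: it parses a file in the service.xml layout shown in step 2 and lists every Password parameter that is not marked encrypted="true". The function name, the sample service names, and the ciphertext placeholder are constructed for illustration. Treating a missing encrypted attribute as a finding is an assumption of this example, and the .ccr and .cnxml files may use a different layout that this check does not cover.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample in the service.xml layout from step 2 (not real data).
SAMPLE = """<?xml version="1.0" ?>
<Services>
  <Service Name="MyDBService" Type="DB">
    <Parameter Name="User">testID</Parameter>
    <Parameter Name="Password" encrypted="false">Pass1234</Parameter>
  </Service>
  <Service Name="OtherService" Type="DB">
    <Parameter Name="User">testID</Parameter>
    <Parameter Name="Password" encrypted="true">CONSTRUCTED-CIPHERTEXT-PLACEHOLDER</Parameter>
  </Service>
  <Service Name="LegacyService" Type="DB">
    <Parameter Name="Password">Pass1234</Parameter>
  </Service>
</Services>
"""


def find_unencrypted_passwords(xml_data):
    """Return (service name, reason) for each Password not marked encrypted="true".

    Accepts str or bytes. The password value itself is never returned or printed.
    """
    findings = []
    root = ET.fromstring(xml_data)
    for service in root.iter("Service"):
        for param in service.iter("Parameter"):
            if param.get("Name") != "Password":
                continue
            flag = param.get("encrypted")
            if flag is None:
                # Assumption: a missing attribute should be reviewed like "false".
                findings.append((service.get("Name"), "encrypted attribute missing"))
            elif flag.strip().lower() != "true":
                findings.append((service.get("Name"), 'encrypted="%s"' % flag))
    return findings


if __name__ == "__main__":
    # Read the file named on the command line as bytes, or use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    results = find_unencrypted_passwords(data)
    for name, reason in results:
        print("%s: Password not marked as encrypted (%s)" % (name, reason))
    sys.exit(1 if results else 0)
```

The script exits with a non-zero status when it finds at least one such parameter, so it can gate an environment setup step.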