Encrypt passwords within project configuration (CCR) files, adapter
CNXML files, and database service configuration files using the
esp_cluster_admin utility to avoid displaying sensitive data in plain
text.
Prerequisites
Configure and start your cluster.
Task
Modify the adapter .cnxml and the
database service configuration file only during project environment setup.
- Use a text editor to open the desired configuration file:
In the local (Studio) cluster:
<user's-home-dir>/SybaseESP/5.1/workspace/<project-name>/<project-name>.ccr
ESP_HOME/lib/adapters/<adapter>.cnxml
ESP_HOME/bin/service.xml
- Within the configuration file, copy the password text you want to encrypt.
In the following sample configuration file, the password is "Pass1234".
<?xml version="1.0" ?>
<Services>
<Service Name="MyDBService" Type="DB">
<Parameter Name="DriverType">JDBCASE</Parameter>
<Parameter Name="Host">localhost</Parameter>
<Parameter Name="Port">5000</Parameter>
<Parameter Name="User">testID</Parameter>
<Parameter Name="Password" encrypted="false">Pass1234</Parameter>
</Service>
</Services>
- From a command line, navigate to ESP_HOME/bin and launch the esp_cluster_admin utility using the --encrypt_text
command. This command requires host and port information as well as credentials for the
ESP server. For example, where
<Pass1234> is the password you want to encrypt, the syntax
is:
esp_cluster_admin --uri=esp[s]://<host>:<port> --username=<username> --password=<password> --encrypt_text --text=<Pass1234>
Note: If you omit the password parameter when
you call the esp_cluster_admin tool, Event Stream Processor prompts you for the password and
hides it as you type, which improves security.
The esp_cluster_admin utility writes the encrypted password
to the display.
- Copy and paste the encrypted text from the utility into the configuration file
you opened in step 1. Replace the original password in the Password parameter with the encrypted text.
- Change the encrypted="false" attribute for the
Password parameter to encrypted="true".
The encrypted attribute ensures that the server recognizes the
password as encrypted text and decrypts it at runtime. If the attribute is set to false,
the server does not recognize the password as encrypted text and tries to process the
password without decrypting it, resulting in errors.
- Save and close the configuration file.