Encrypting Passwords for the ESP Web Services Provider

Use the esp_encrypt executable to encrypt the keystore password for the ESP Web Services Provider.

During installation, ESP encrypts the keystore password in esp_wsp.xml. Encrypt the keystore password only when you configure a new node or cluster (before you start it), or when you need to re-encrypt a password using a new key file.
  1. Shut down all nodes in the cluster.
  2. Use a text editor to open the ESP Web Services Provider configuration file:
    ESP_HOME/wsp/esp_wsp.xml
  3. Copy the keystore password. If the keystore password is not in the configuration file, add the password parameter to the keystore element and set it to "true".
    In the following section of a sample cluster node configuration file, the keystore password is "Pass1234".
    <Security>
      <Keystore>
        <Type>JKS</Type>
        <File>keystore.jks</File>
        <Password prompt="true">Pass1234</Password>
      </Keystore>
      <Cipher>
        <File>ESP_HOME/wsp/wsp.key</File>
      </Cipher>
    </Security>
  4. Note the value in the Cipher element. This is the cluster key file required to encrypt passwords. If the Cipher element does not exist:
    1. Create a cluster key. From a command line, navigate to ESP_HOME/bin and launch the esp_encrypt executable using the --create-key option:
      esp_encrypt --create-key wsp.key
      The command writes a new key to the file wsp.key.
    2. Add the Cipher element to <node-name>.xml using the format in step 3.
  5. From a command line, navigate to ESP_HOME/bin and launch the esp_encrypt executable using the --encrypt option:
    esp_encrypt --encrypt <key-file> --text <text> 
    If you enter the --text value successfully, the esp_encrypt executable writes the encrypted text to the display.
  6. Copy and paste the encrypted text from the utility into the cluster node configuration file you opened in step 2. Replace the original password in the Password parameter for the Keystore element with the encrypted text.
  7. Ensure that the encrypted attribute in the password parameter is set to encrypted="true".
    This attribute ensures that the server recognizes the password as encrypted text and decrypts it at runtime. If the attribute is not set to true, the server does not recognize the password as encrypted text and tries to process the password without decrypting it, resulting in errors.
  8. Save and close the ESP Web Services Provider configuration file.
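
A check for the result of steps 6 and 7, as an added example that is not part of the original documentation: it parses the Security section and reports a Keystore Password that is not marked encrypted="true", or a missing Cipher key file. The function names, the sample text and the placeholder ciphertext are assumptions; the element names come from the sample in step 3, and keeping the prompt attribute after encryption is also assumed.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the <Security> section shown in step 3.
BEFORE = """<Security>
  <Keystore>
    <Type>JKS</Type>
    <File>keystore.jks</File>
    <Password prompt="true">Pass1234</Password>
  </Keystore>
  <Cipher>
    <File>ESP_HOME/wsp/wsp.key</File>
  </Cipher>
</Security>"""
# Placeholder ciphertext, not real esp_encrypt output.
AFTER = BEFORE.replace('<Password prompt="true">Pass1234',
                       '<Password prompt="true" encrypted="true">ENCRYPTED-TEXT-PLACEHOLDER')

def local(tag):
    """Strip an XML namespace prefix: '{uri}Password' -> 'Password'."""
    return tag.rsplit("}", 1)[-1]

def find(parent, *path):
    """Walk child elements by local name; return None if any step is missing."""
    node = parent
    for name in path:
        node = next((c for c in node if local(c.tag) == name), None)
        if node is None:
            return None
    return node

def audit_security(xml_text):
    """Return a list of findings for every <Security> section in the config text."""
    findings = []
    root = ET.fromstring(xml_text)
    sections = [e for e in root.iter() if local(e.tag) == "Security"]
    if not sections:
        findings.append("no Security element found")
    for sec in sections:
        pw = find(sec, "Keystore", "Password")
        key = find(sec, "Cipher", "File")
        if pw is None or not (pw.text or "").strip():
            findings.append("Keystore has no Password value")
        elif pw.get("encrypted") != "true":
            findings.append('Keystore Password is not marked encrypted="true"')
        if key is None or not (key.text or "").strip():
            findings.append("Cipher/File (cluster key file) is missing")
    return findings
```

To audit a real node, pass the contents of ESP_HOME/wsp/esp_wsp.xml to audit_security; an empty list means the Password element carries encrypted="true" and a Cipher key file is configured.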