Encrypting Passwords for Configuration Files

esp_cluster_admin includes an encrypt command for applying encryption to configuration file passwords.

Prerequisites
Set the ESP_HOME environment variable.
Task

Modify the adapter .cnxml and the database service configuration file only during project environment setup; however, since access to project configuration files is required beyond setup, Studio provides an environment in which to modify project file properties. For more information on configuring project files in Studio, see the Studio Users Guide.

  1. Use a text editor to open the desired configuration file.
  2. Call esp_cluster_admin and provide your credentials.
  3. To run the encrypt command against the password in your configuration file, select and copy the password text from the text editor.
    In the following sample configuration file, the password is "Pass1234".
    <?xml version="1.0" ?>
- <Services>
- <Service Name="MyDBService" Type="DB">
  <Parameter Name="DriverType">JDBCASE</Parameter>
  <Parameter Name="Host">localhost</Parameter>
  <Parameter Name="Port">5000</Parameter>
  <Parameter Name="User">testID</Parameter>
  <Parameter Name="Password" encrypted="false">Pass1234</Parameter>
  </Service>
  </Services>
  4. In the utility, enter the encrypt command and paste the configuration file password text beside it.
    --encrypt Pass1234
  5. Run the command.
    The action produces a string of encrypted text that contains your hidden password:
    OJ5f+g5FmzcEdcbonmSREyIHPoAf3O3o5LAK9drQp7J5a5snY4luj/kdnc61LHNARLA7fOQbp2x20PFMRyti2RTl5qgoUxMjIptDXBm3GIOvXso6AoPBG/RUaA1dV8giMySEK/GJfnxSSsURfAJm5OHSK8pdt7OBmil0CaSUZdc=
  6. Copy and paste the encrypted text from the utility to the text editor containing the configuration file. Replace the original password under the Password parameter with the encrypted text, then create and set an encrypted attribute for the parameter to true.
    This attribute ensures that the server recognizes the password as encrypted text and decrypts it at runtime. If the attribute is set to false, the server does not recognize the password as encrypted text and, therefore, tries to process the password without decrypting it, resulting in errors.
    Note: The following example uses the database service configuration file.
    <?xml version="1.0" ?>
- <Services>
- <Service Name="MyDBService" Type="DB">
  <Parameter Name="DriverType">JDBCASE</Parameter>
  <Parameter Name="Host">localhost</Parameter>
  <Parameter Name="Port">5000</Parameter>
  <Parameter Name="User">testID</Parameter>
  <Parameter Name="Password" encrypted="true">OJ5f+g5FmzcEdcbonmSREyIHPoAf3O3o5LAK9drQp7J5a5snY4luj/kdnc61LHNARLA7fOQbp2x20PFMRyti2RTl5qgoUxMjIptDXBm3GIOvXso6AoPBG/RUaA1dV8giMySEK/GJfnxSSsURfAJm5OHSK8pdt7OBmil0CaSUZdc=</Parameter>
  </Service>
  </Services>
  7. Save the configuration file.
Parent topic: Password Encryption on Configuration Files