Password encryption
For added security, consider encrypting your passwords in the application.yaml file.
In the jetty > SSL section of the application.yaml file, the following settings can be encrypted:
- keyStorePassword
- keyManagerPassword
- trustStorePassword
In the serverSettings section of the application.yaml file, the following settings can be encrypted:
- opsUserPassword
- cmePassword
- jksPassword
- webDAVPassword
In the serverSettings > samlSettings section of the application.yaml file, the following settings can be encrypted:
- encryptionKeyPassword
- signingKeyPassword
- tlsKeyPassword
In the serverSettings > accountManagement > smtpServer section of the application.yaml file, the following settings can be encrypted:
- password
In the cassandraCluster section of the application.yaml file, the following settings can be encrypted:
- password
- truststorePassword
Procedure: Encryping passwords
Start
- Open the application.yaml file.
- For each field that you want to be encrypted, prefix the field value with '"CRYPT:"'. For example:
... opsUserName: ops opsUserPassword: CRYPT:an03xPrxLAu9p== ...
- Run the GWS application with the '"--encrypt"' parameter followed by the password you need to encrypt. For example:
The server won't actually start, the application only encrypts the supplied password and then quits. This feature is only supported for JAR (Spring Boot) distributables.
$ java -jar gws.jar --encrypt ops CRYPT:an03xPrxLAu9p== $ _
Comments or questions about this documentation? Contact us for support!