ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

How to encrypt the IM Database password in Jboss


Article ID: 16162


Updated On:


CA Identity Manager


How do you encrypt the CA Identity manager (IM) Database connections password used in Jboss\ Wildfly implementations?


Identity Manager

Release(s): 12.6.7, 12.6.8, 14.x


Navigate to the pwdtools directory "<IM_HOME>\IAM Suite\Identity Manager\tools\PasswordTool" from the Windows command line.

For example:

C:\Program Files (x86)\CA\Identity Manager\IAM Suite\Identity Manager\tools\PasswordTool

To see the encryption options run the -h (help) argument, pwdtools -h or ./pwdtools. sh -h, depending on your operating system:

Your JAVA_HOME is currently set to /opt/CA/jdk1.8.0_71/
Encrypting your password ...

        - To create a FIPS key file
        pwdtools -FIPSKEY -k <FIPS key file location>  [-f <param_file>]
        - To add a FIPS key
        pwdtools -FIPSKEY -add  [-f <param_file>]
        - To encrypt a plain text value using non FIPS (PBES) algorithm
        pwdTools -JSAFE -p <plain text>  [-f <param_file>]
        - To encrypt a shared secret using PBES algorithm and save it
        pwdTools -JSAFEKEY -p <shared_secret>  [-f <param_file>]
        - To encrypt a plain text using FIPS key file
        pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
        - To encrypt a plain text value using non FIPS (RC2) algorithm
        pwdTools -RC2 -p <plain text> [-f <param_file>]
        - To encrypt a plain text value using embedded CA NIM SM algorithm
        pwdTools -CANIMSM -p <plain text>


Then execute the following, for example, assuming your password is 'testpassword':


pwdtools -JSAFE -p testpassword
Plain Text: testpassword
Encrypted value: {PBES}:wOU48f47Gksy8I5Yj0i60w==


In a text editor, open the appropriate standalone file* and enter the encrypted value :


For Example



*standalone file locations are as follows:

<appserver_home>\standalone\configuration\standalone-full.xml (single node installation) 
<appserver_home>\standalone\configuration\standalone-full-ha.xml (clustered installation)