How to encrypt the IM Database password in Jboss

Article ID: 16162

Products

CA Identity Manager

Issue/Introduction

How do you encrypt the CA Identity Manager (IM) database connection password used in JBoss/WildFly implementations?

Environment

Identity Manager

Release(s): 12.6.7, 12.6.8, 14.x

Resolution

Navigate to the pwdtools directory "<IM_HOME>\IAM Suite\Identity Manager\tools\PasswordTool" from the Windows command line.

For example:

C:\Program Files (x86)\CA\Identity Manager\IAM Suite\Identity Manager\tools\PasswordTool

To see the encryption options, run the tool with the -h (help) argument: pwdtools -h or ./pwdtools.sh -h, depending on your operating system:

--------------------------------------------------
Your JAVA_HOME is currently set to /opt/CA/jdk1.8.0_71/
--------------------------------------------------
Encrypting your password ...
******************************************

Usage:
        - To create a FIPS key file
        pwdtools -FIPSKEY -k <FIPS key file location>  [-f <param_file>]
        - To add a FIPS key
        pwdtools -FIPSKEY -add  [-f <param_file>]
        - To encrypt a plain text value using non FIPS (PBES) algorithm
        pwdTools -JSAFE -p <plain text>  [-f <param_file>]
        - To encrypt a shared secret using PBES algorithm and save it
        pwdTools -JSAFEKEY -p <shared_secret>  [-f <param_file>]
        - To encrypt a plain text using FIPS key file
        pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
        - To encrypt a plain text value using non FIPS (RC2) algorithm
        pwdTools -RC2 -p <plain text> [-f <param_file>]
        - To encrypt a plain text value using embedded CA NIM SM algorithm
        pwdTools -CANIMSM -p <plain text>

 

Then execute the following, for example, assuming your password is 'testpassword':

 

pwdtools -JSAFE -p testpassword
Plain Text: testpassword
Encrypted value: {PBES}:wOU48f47Gksy8I5Yj0i60w==

 

In a text editor, open the appropriate standalone file* and enter the encrypted value in the <password> element of the datasource's <security> block:

For example:

                    <security>
                        <user-name>sa</user-name>
                        <password><INSERT_NEW_PASSWORD_HERE></password>
                    </security>

 

*standalone file locations are as follows:

<appserver_home>\standalone\configuration\standalone-full.xml (single node installation) 
<appserver_home>\standalone\configuration\standalone-full-ha.xml (clustered installation)
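
To confirm the change took effect, the standalone file can be audited for datasource passwords that do not carry the `{PBES}:` prefix seen in the sample output above. The following Python check is an added example, not part of the original article or of the product; the sample XML, datasource names and namespace versions are constructed, and only the `{PBES}:` prefix is taken from this page.

```python
import xml.etree.ElementTree as ET

# "{PBES}:" is the prefix in this page's sample pwdtools -JSAFE output. Prefixes
# for the other pwdtools modes are not shown on the page; add them if you use them.
ENCRYPTED_PREFIXES = ("{PBES}:",)

# Constructed sample; datasource names and namespace versions are illustrative.
SAMPLE = """<server xmlns="urn:jboss:domain:4.0"><profile>
 <subsystem xmlns="urn:jboss:domain:datasources:4.0"><datasources>
  <datasource jndi-name="java:/example/DsA" pool-name="DsA">
   <security>
    <user-name>sa</user-name>
    <password>{PBES}:wOU48f47Gksy8I5Yj0i60w==</password>
   </security>
  </datasource>
  <datasource jndi-name="java:/example/DsB" pool-name="DsB">
   <security>
    <user-name>sa</user-name>
    <password>testpassword</password>
   </security>
  </datasource>
 </datasources></subsystem>
</profile></server>"""

def local(tag):
    """Drop the XML namespace that WildFly puts on subsystem elements."""
    return tag.rsplit("}", 1)[-1]

def audit_datasource_passwords(xml_text, prefixes=ENCRYPTED_PREFIXES):
    """Return (pool name, user, status) per datasource <security> block.
    The password itself is never returned or printed."""
    findings = []
    for ds in ET.fromstring(xml_text).iter():
        if local(ds.tag) not in ("datasource", "xa-datasource"):
            continue
        name = ds.get("pool-name") or ds.get("jndi-name") or "<unnamed>"
        for sec in (c for c in ds if local(c.tag) == "security"):
            fields = {local(c.tag): (c.text or "").strip() for c in sec}
            pw = fields.get("password", "")
            if not pw:
                status = "missing"
            elif pw.startswith(tuple(prefixes)):
                status = "encrypted"
            else:
                status = "plaintext"
            findings.append((name, fields.get("user-name", ""), status))
    return findings

if __name__ == "__main__":
    for name, user, status in audit_datasource_passwords(SAMPLE):
        print(f"{name}: user={user} password={status}")
```

To audit a real installation, pass the contents of standalone-full.xml or standalone-full-ha.xml to `audit_datasource_passwords` instead of `SAMPLE`.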