How do you encrypt the CA Identity Manager (IM) database connection password used in JBoss/WildFly implementations?
Identity Manager
Release(s): 12.6.7, 12.6.8, 14.x
Navigate to the pwdtools directory "<IM_HOME>\IAM Suite\Identity Manager\tools\PasswordTool" from the Windows command line.
For example:
C:\Program Files (x86)\CA\Identity Manager\IAM Suite\Identity Manager\tools\PasswordTool
To see the encryption options, run the tool with the -h (help) argument: pwdtools -h or ./pwdtools.sh -h, depending on your operating system:
--------------------------------------------------
Your JAVA_HOME is currently set to /opt/CA/jdk1.8.0_71/
--------------------------------------------------
Encrypting your password ...
******************************************
Usage:
- To create a FIPS key file
pwdtools -FIPSKEY -k <FIPS key file location> [-f <param_file>]
- To add a FIPS key
pwdtools -FIPSKEY -add [-f <param_file>]
- To encrypt a plain text value using non FIPS (PBES) algorithm
pwdTools -JSAFE -p <plain text> [-f <param_file>]
- To encrypt a shared secret using PBES algorithm and save it
pwdTools -JSAFEKEY -p <shared_secret> [-f <param_file>]
- To encrypt a plain text using FIPS key file
pwdTools -FIPS -p <plain text> -k <FIPS key file path> [-f <param_file>]
- To encrypt a plain text value using non FIPS (RC2) algorithm
pwdTools -RC2 -p <plain text> [-f <param_file>]
- To encrypt a plain text value using embedded CA NIM SM algorithm
pwdTools -CANIMSM -p <plain text>
Then execute the following, for example, assuming your password is 'testpassword':
pwdtools -JSAFE -p testpassword
Plain Text: testpassword
Encrypted value: {PBES}:wOU48f47Gksy8I5Yj0i60w==
In a text editor, open the appropriate standalone file* and enter the encrypted value:
For example:
<security>
<user-name>sa</user-name>
<password><INSERT_NEW_PASSWORD_HERE></password>
</security>
*standalone file locations are as follows:
<appserver_home>\standalone\configuration\standalone-full.xml (single node installation)
<appserver_home>\standalone\configuration\standalone-full-ha.xml (clustered installation)
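A check to run after editing the standalone file, added here as an example (it is not part of the original article or of the product's tooling): it lists every datasource security block and reports whether its password carries the {PBES}: prefix shown above. The function names, the sample XML and its pool names are constructed for illustration, and only the {PBES}: prefix is taken from this page.

```python
import xml.etree.ElementTree as ET

# "{PBES}:" is the prefix shown on this page for -JSAFE output. Prefixes for
# the other pwdtools algorithms are not shown here; add them once confirmed.
ENCRYPTED_PREFIXES = ("{PBES}:",)

# Constructed sample (not a real configuration); pool names are made up.
SAMPLE = """<server xmlns="urn:jboss:domain:4.0"><profile>
 <subsystem xmlns="urn:jboss:domain:datasources:4.0"><datasources>
  <datasource pool-name="ds-one"><security>
    <user-name>sa</user-name>
    <password>{PBES}:wOU48f47Gksy8I5Yj0i60w==</password>
  </security></datasource>
  <datasource pool-name="ds-two"><security>
    <user-name>sa</user-name>
    <password>testpassword</password>
  </security></datasource>
 </datasources></subsystem>
</profile></server>"""

def local(tag):
    """Drop the XML namespace so the check is schema-version independent."""
    return tag.rsplit("}", 1)[-1]

def audit_datasource_passwords(xml_text, prefixes=ENCRYPTED_PREFIXES):
    """Return (pool_name, user_name, status) per datasource <security> block.
    The password itself is never returned, so the report is safe to log."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Typical cause: the <INSERT_NEW_PASSWORD_HERE> placeholder was left in.
        return [("<file>", "", f"unparseable: {exc}")]
    findings = []
    for ds in root.iter():
        if local(ds.tag) not in ("datasource", "xa-datasource"):
            continue
        for sec in (e for e in ds.iter() if local(e.tag) == "security"):
            fields = {local(c.tag): (c.text or "").strip() for c in sec}
            if "password" not in fields:
                continue  # block has no stored password to check
            pw = fields["password"]
            status = "encrypted" if pw.startswith(tuple(prefixes)) else "plaintext"
            findings.append((ds.get("pool-name", "?"), fields.get("user-name", ""), status))
    return findings
```

Pass the contents of standalone-full.xml or standalone-full-ha.xml to audit_datasource_passwords(); any row with status "plaintext" still needs a value generated by pwdtools.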