We're running the command XPSExport and we'd like to know how to
encrypt and decrypt sensitive data, such as the DB password and the super user
password, when exporting the full Policy Store data. How can we do that?
Policy Server 12.8SP3 on RedHat 7
At first glance, according to the documentation, running XPSExport with
the option "-pass" will encrypt all sensitive data.
XPSExport
-pass <passphrase>
(Optional) Specifies the passphrase that is
required for encryption of sensitive data. This passphrase must be at
least eight characters long and must contain at least one digit, one
uppercase, and one lowercase character. The passphrase can contain a
space that is enclosed in quotes. If not specified as a command-line
option, the export process prompts for a passphrase when sensitive
data is being exported.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/policy-server-tools/xpsexport.html
Once you have exported the data, the only way to read the sensitive
data is to import it back by running XPSImport with the same option:
XPSImport
-pass passphrase
(Optional) Specifies the passphrase that is required for decryption
of sensitive data. The phrase must be the same as the phrase
specified during export, or the decryption fails.
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/administrating/policy-server-tools/xpsimport.html
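
For scripted exports, the passphrase rules quoted above for XPSExport -pass can be checked before the tool is invoked. The following shell sketch is an added example, not code from Broadcom or its documentation. The function names, the XPSEXPORT override variable, the sample passphrases and the position of the output file argument are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Broadcom code): pre-flight check of the documented
# -pass rules before XPSExport is invoked. Function names, the XPSEXPORT
# override variable and the sample passphrases are constructed here.

# Succeeds if the passphrase meets the documented rules; otherwise
# prints the first rule that failed and returns 1.
check_xps_passphrase() {
    local p="$1"
    if [ "${#p}" -lt 8 ]; then echo "shorter than 8 characters"; return 1; fi
    case $p in *[0-9]*) ;; *) echo "no digit"; return 1 ;; esac
    case $p in *[[:upper:]]*) ;; *) echo "no uppercase character"; return 1 ;; esac
    case $p in *[[:lower:]]*) ;; *) echo "no lowercase character"; return 1 ;; esac
    return 0
}

# Usage: xps_export <output_file> <passphrase> [other XPSExport options...]
# Validates the passphrase, then runs XPSExport with -pass. The passphrase
# is passed as one quoted argument, so it may contain a space.
# Assumption: the output file is the first argument; check the linked
# XPSExport documentation for the remaining options.
xps_export() {
    local out="$1" pass="$2" reason
    shift 2
    reason=$(check_xps_passphrase "$pass") || {
        echo "refusing to export: passphrase has $reason" >&2
        return 2
    }
    "${XPSEXPORT:-XPSExport}" "$out" -pass "$pass" "$@"
}

# Demonstration on constructed passphrases (no export is run here).
for sample in 'Passw0rd' 'My Passw0rd' 'password1' 'Sh0rt'; do
    if reason=$(check_xps_passphrase "$sample"); then
        echo "ok:       '$sample'"
    else
        echo "rejected: '$sample' ($reason)"
    fi
done
```

A passphrase given with -pass is visible in the host's process list and shell history when scripted this way. When -pass is omitted, the export prompts for the passphrase instead, as the documentation quoted above states.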