...
In all WSO2 products, Secure Vault is commonly used for encrypting passwords and other sensitive information in configuration files. When you use the Integration profile of WSO2 EI, you can encrypt sensitive information contained in synapse configurations in addition to the information in configuration files. See the following topics:
Encrypting passwords in configuration files
To encrypt passwords in configuration files, you simply have to update the cipher-text.properties and cipher-tool.properties files that are stored in the <EI_HOME>/conf/security/ directory and then run the Cipher tool that is shipped with the product. Go to the links given below to see instructions in the WSO2 administration guide:
- Encrypting passwords using the automated process.
- Encrypting passwords using the manual process. This is relevant when the location of the configuration files (that contain the elements to be encrypted) cannot be specified using an xpath in the cipher-tool.properties file.
- Changing already encrypted passwords.
- Resolving already encrypted passwords.
Encrypting passwords for synapse configurations
The Integration profile of WSO2 EI provides a UI that can be used for encrypting passwords and other sensitive information in synapse configurations. Follow the steps below.
- If you are using the Cipher tool for the first time in your environment, you must first enable the Cipher tool by executing the -Dconfigure command with the cipher tool script:
  - Open a terminal and navigate to the <EI_HOME>/bin directory.
  - Execute one of the following commands:
    - On Linux: ./ciphertool.sh -Dconfigure
    - On Windows: ./ciphertool.bat -Dconfigure
- Start the Integration profile of WSO2 EI and sign in to the management console:
  - Open a terminal and navigate to the <EI_HOME>/bin directory.
  - Execute one of the following scripts:
    - On Windows: integrator.bat --run
    - On Linux/Mac OS: sh integrator.sh
  - Sign in to the management console.
- Go to Manage -> Secure Vault Tool and then click Manage Passwords on the Main tab of the management console. The Secure Vault Password Management screen appears.
- Click Add New Password to encrypt and store, and then specify values for the given fields as shown below. This creates a new password entry in the registry, which is encrypted with the alias (Vault Key) that you specify.
  - Vault Key: The alias for the password.
  - Password: The actual password.
  - Re-enter password: The password that you specified as the actual password.
Using encrypted passwords in synapse configurations
To use the alias of an encrypted password in a synapse configuration, you need to add the {wso2:vault-lookup('alias')} custom path expression when you define the synapse configuration. For example, instead of hard coding the admin user's password as <Password>admin</Password>, you can encrypt and store the password using the AdminUser.Password alias as follows: <Password>{wso2:vault-lookup('AdminUser.Password')}</Password>.
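The following Python check is an added example, not part of the WSO2 documentation or product. It scans a synapse configuration for password elements or attributes that still hold a literal value instead of the vault-lookup expression, and collects the aliases that are referenced so they can be compared with the entries created in the Secure Vault Tool. The name pattern used to recognize secret-bearing fields and the sample XML are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The custom path expression described on this page: {wso2:vault-lookup('alias')}
VAULT_LOOKUP = re.compile(r"^\{wso2:vault-lookup\('([^']+)'\)\}$")
# Assumption: element/attribute names containing these words hold secrets.
SECRET_NAME = re.compile(r"password|secret", re.IGNORECASE)


def local_name(tag):
    """Strip an XML namespace prefix: '{uri}Password' -> 'Password'."""
    return tag.rsplit("}", 1)[-1]


def audit_synapse_config(xml_text):
    """Return (names holding a literal secret, set of vault aliases referenced)."""
    hardcoded, aliases = [], set()
    for elem in ET.fromstring(xml_text).iter():
        # Check the element's own text and each of its attributes.
        candidates = [(local_name(elem.tag), (elem.text or "").strip())]
        candidates += [(local_name(k), v.strip()) for k, v in elem.attrib.items()]
        for name, value in candidates:
            if not value or not SECRET_NAME.search(name):
                continue
            match = VAULT_LOOKUP.match(value)
            if match:
                aliases.add(match.group(1))   # resolved through Secure Vault
            else:
                hardcoded.append(name)        # literal secret left in the config
    return hardcoded, aliases


# Constructed sample; the element layout is illustrative, not a real deployment.
SAMPLE = """
<sequence xmlns="http://ws.apache.org/ns/synapse" name="demo">
  <Credentials>
    <Password>admin</Password>
  </Credentials>
  <Credentials>
    <Password>{wso2:vault-lookup('AdminUser.Password')}</Password>
  </Credentials>
</sequence>
"""

if __name__ == "__main__":
    print(audit_synapse_config(SAMPLE))
```

An alias reported here that has no matching Vault Key entry in the management console will not resolve, so the alias set is worth checking as well as the hardcoded list.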
...