The secure vault cipher tool enables you to encrypt passwords to improve security.
- Make sure the
ciphertool.sh(Linux) orciphertool.bat(Windows) file is accessible in your product'sbinfolder. - This sample is based on the XML configuration file called
rss-config.xmlfile which has two passwords called “rssadmin” and “root”. - Edit cipher configurations. The cipher related configurations are located in the following location in product:
wso2product/repository/conf/security/. The two configuration files that need to be edited arecipher-text.propertiesandciphertool.properties. Add the following lines to the
cipher-tool.propertiesfile.#rssconfig.xml xpaths RSSConfiguration.DEFAULT.WSO2RSS1.Password=rss-config.xml//RSSConfiguration/Environments/Environment[Name='DEFAULT']/RSSInstances/RSSInstance[Name='WSO2RSS1']/DataSourceConfiguration/Definition/Password,true
Mention the file name and the XPath of the XML element which describes the password. Also encrypt the password for each password separately by comma separated false (
,false).Add the following lines to the
cipher-text.propertiesfile.#rssconfig.xml passwords RSSConfiguration.DEFAULT.WSO2RSS1.Password=[root]
You can see the default password for the Carbon product is “
wso2carbon”.Apply the real password and encrypt it. To do this, open a terminal and navigate to your product's
binfolder and enter the following command:sh ciphertool.sh -Dconfigure RSSConfiguration.DEFAULT.WSO2RSS1.Password=root
RSSConfiguration.DEFAULT.WSO2RSS1.Password is the key for the cipher files.- Enter the default password which is “
wso2carbon” (,wso2carbon). - You can now see encrypted passwords in the
cipher-text.properiesfile.