Specify the password encryption key

From version 9.1.5, if the MQIPT configuration contains passwords that are encrypted using an encryption key other than the default key, you must provide the password encryption key in a file that MQIPT can read when it starts.


The password encryption key file

Passwords that are encrypted for storage and use by MQIPT can be encrypted using an encryption key that you provide. You do not have to specify a password encryption key, but it is more secure to do so: if you do not provide your own encryption key, the default encryption key is used.

If you provide a password encryption key, it must be stored in a file that can be read both by the mqiptPW command used to encrypt passwords and by MQIPT. The only restrictions on the contents of the file are that it must contain at least one character and only one line of text.

Note: You must ensure that appropriate file permissions are set on the password encryption key file to prevent unauthorized users from reading the encryption key. Only the user that runs the mqiptPW command and the user under which MQIPT runs need authority to read the password encryption key.

The same password encryption key is used to encrypt and decrypt all stored passwords for an instance of MQIPT. Therefore, you need only a single password encryption key file for each MQIPT installation.

If the password encryption key for an MQIPT installation is changed, all encrypted passwords must be re-encrypted using the new encryption key.


Starting MQIPT

The default name of the password encryption key file is MQIPT_HOME_DIR/mqipt_cred.key, where MQIPT_HOME_DIR is the directory where the mqipt.conf configuration file is stored. If you are planning to run MQIPT as a service that is started automatically, you must create the password encryption key file with the default name.

If the password encryption key file is created with a name other than the default name, the name of the file must be provided to MQIPT when it is started. The name of the password encryption key file can be specified using any of the following methods, in order of preference:
  1. the -sf parameter on the mqipt command used to start MQIPT.
  2. the MQS_MQIPTCRED_KEYFILE environment variable.
  3. the com.ibm.mq.ipt.cred.keyfile Java property.

If no password encryption key file name is provided, the default file is used if it exists. If the default password encryption key file does not exist, the default password encryption key is used.
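The following shell script is an added example and is not IBM's code or part of MQIPT. It creates a key file that satisfies the restrictions above (at least one character, exactly one line) with owner-only permissions, checks an existing file against those restrictions, and resolves which file name MQIPT would use by applying the documented order of preference (-sf parameter, MQS_MQIPTCRED_KEYFILE, com.ibm.mq.ipt.cred.keyfile, then the default MQIPT_HOME_DIR/mqipt_cred.key). The home directory, key text and file names are constructed sample values; the Java property is passed in as a plain argument because this script does not start a JVM.

```shell
#!/bin/sh
# Added example, not IBM's code: manage an MQIPT password encryption key file.

# create_keyfile FILE KEYTEXT
# Writes KEYTEXT as the single line of FILE. umask 077 in the subshell means the
# file is never group/other readable, even for an instant before chmod runs.
create_keyfile() {
    file=$1
    key=$2
    ( umask 077 && printf '%s\n' "$key" > "$file" ) || return 1
    chmod 600 "$file"
}

# check_keyfile FILE
# Returns 0 only if FILE exists, is readable by its owner alone, contains at
# least one character and holds exactly one line of text. Prints why it fails.
check_keyfile() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    # ls -ld prints e.g. -rw-------; characters 5-10 are the group/other bits
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other permissions set on $file"; return 1; }
    # awk NR counts a final line even when it has no trailing newline
    lines=$(awk 'END { print NR }' "$file")
    [ "$lines" -eq 1 ] || { echo "expected exactly one line, found $lines"; return 1; }
    key=$(head -n 1 "$file")
    [ -n "$key" ] || { echo "key line is empty"; return 1; }
    return 0
}

# resolve_keyfile HOME_DIR SF_ARG JAVA_PROP
# Applies the documented order of preference. SF_ARG stands for the value of
# the -sf parameter on the mqipt command, JAVA_PROP for the value of the
# com.ibm.mq.ipt.cred.keyfile property; pass "" for either when unset. The
# MQS_MQIPTCRED_KEYFILE environment variable is read directly. Prints the file
# name that would be used, or DEFAULT_KEY when MQIPT would fall back to the
# built-in default key.
resolve_keyfile() {
    home=$1
    sf=$2
    prop=$3
    if [ -n "$sf" ]; then echo "$sf"; return 0; fi
    if [ -n "$MQS_MQIPTCRED_KEYFILE" ]; then echo "$MQS_MQIPTCRED_KEYFILE"; return 0; fi
    if [ -n "$prop" ]; then echo "$prop"; return 0; fi
    if [ -f "$home/mqipt_cred.key" ]; then echo "$home/mqipt_cred.key"; return 0; fi
    echo "DEFAULT_KEY"
}

# Stand-alone walk-through with constructed sample values.
if [ "${0##*/}" = "keyfile_example.sh" ]; then
    home=$(mktemp -d)
    create_keyfile "$home/mqipt_cred.key" 'constructed-sample-key-text'
    check_keyfile "$home/mqipt_cred.key" && echo "key file OK"
    echo "MQIPT would use: $(resolve_keyfile "$home" "" "")"
    rm -rf "$home"
fi
```

Run the check before starting MQIPT as a service, since a file with a second line or a stray newline, or one left group-readable by a permissive umask, is easy to miss by eye and is exactly what the restrictions and the permissions note above are about.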
