Encrypting a parameter file
Use the setmqipw utility to encrypt the DOMAINNAME, USERNAME, and PASSWORD values in the [Services] stanza of a parameter file, if they are not already encrypted. (These values might be encrypted if you have run the utility before.) setmqipw will also encrypt the QMGRPASSWORD and CLIENTPASSWORD values in the [SSLMigration] stanza of a parameter file.
This encryption means that, if we need a special domain account to configure WebSphere MQ (see Configuring WebSphere MQ accounts), or we need to keep key database passwords secret, details are kept secure. Otherwise, these values, including the domain account password, flow across the network as clear text. You do not have to use this utility, but it is useful if security in your network is an issue.
To run the script:
- From a command line, change to the folder that contains your parameter file.
- Enter the following command:
CD_drive:\setmqipwYou can run the command from a different folder, by entering the following command, where parameter_file is the full path and file name of the parameter file:
CD_drive:\setmqipw parameter_file
If you view the resulting parameter file, the encrypted values start with the string mqm*. Do not use this prefix for any other values; passwords or names that begin with this prefix are not supported.
The utility creates a log file, setmqipw.log, in the current directory. This file contains messages related to the encryption process. When encryption is successful, messages are similar to:
Encryption complete Configuration file closed Processing complete
After you encrypt the parameter file, we can use it in the normal way with the MQParms command (see Using the MQParms command).
Parent topic:
Using the MQParms command