Store properties in encrypted format
Encrypt properties too sensitive to be written in clear text within worklight.properties. An encrypted property is determined by a suffix .enc on its name, for example:
The IBM Worklight configuration is accessed for a property. If the property is not found, but the same encrypted property (with .enc suffix) is defined, IBM Worklight automatically decrypts the value and returns it to the caller.
Store the master key
All of the encrypted values use the same secret key, which is stored in the special variable called worklight_enc_password. This variable is defined as an operating system environment variable:
- On Windows systems: Set an environment variable under the user running the IBM Worklight Server. When running under a Windows NT service, define the password as a service property by using the registry editor. For more information, see the Microsoft support website.
- On Linux systems: Set the environment variable.
To encrypt IBM Worklight properties on Windows systems, use the encrypt.bat utility under < worklight_install_dir>/WorklightServer.
This utility accepts a file that contains the properties to be encrypted and the encryption password. The utility outputs the encrypted values to the same file (so that sensitive data is deleted).
On Linux systems, use the encrypt.sh utility.
The input file for the encryption is called secret.properties and contains the following data:worklight_enc_password=abc123 certificate.password.enc=certificatepwd123 wl.db.password.enc=edf545
After running theencrypt.sh tool, the file secret.properties contains the following data:#Copy the contents of this file to the worklight.properties file. #Keep the password value in the secure system property worklight_enc_password. #Wed Nov 28 10:10:44 CST 2012 certificate.password.enc=dR4lnMQDaNEQyLQl7b2RmpdE99HKpqaSJ6mce0uJgaY\= wl.db.password.enc=6boxojGZsUNTXwOOGgI6dg\=\=
Parent topic IBM Worklight properties