Store properties in encrypted format


Overview


Encrypt properties that are too sensitive to be written in clear text in worklight.properties. An encrypted property is identified by the suffix .enc on its name, for example:

When the IBM Worklight configuration is queried for a property that is not found, but the same property with the .enc suffix is defined, IBM Worklight automatically decrypts the value and returns it to the caller.


Store the master key

All encrypted values use the same secret key, which is stored in a special variable called worklight_enc_password. This variable is defined as an operating system environment variable:


Encryption

To encrypt IBM Worklight properties on Windows systems, use the encrypt.bat utility under <worklight_install_dir>/WorklightServer.

This utility accepts a file that contains the properties to be encrypted and the encryption password. The utility writes the encrypted values back to the same file, so that the clear-text sensitive data is removed from it.

On Linux systems, use the encrypt.sh utility.

The input file for the encryption is called secret.properties and contains the following data:

worklight_enc_password=abc123
certificate.password.enc=certificatepwd123
wl.db.password.enc=edf545

After running the encrypt.sh tool, the file secret.properties contains the following data:

#Copy the contents of this file to the worklight.properties file.
#Keep the password value in the secure system property worklight_enc_password.
#Wed Nov 28 10:10:44 CST 2012
certificate.password.enc=dR4lnMQDaNEQyLQl7b2RmpdE99HKpqaSJ6mce0uJgaY\=
wl.db.password.enc=6boxojGZsUNTXwOOGgI6dg\=\=
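
A pre-deployment check for the rules above, as an added example that is not part of the IBM Worklight tooling: it flags a master key left in the file, .enc properties whose values were never encrypted, and clear-text properties that take precedence over their .enc twin under the lookup order described in the overview. The base64 test and the name pattern for sensitive properties are assumptions made for this sketch.

```python
import base64
import binascii
import re

MASTER_KEY = "worklight_enc_password"                # variable name from the page
SENSITIVE = re.compile(r"passw(or)?d|secret", re.I)  # assumed naming heuristic

# The two states of secret.properties shown on the page (before/after the utility).
BEFORE = ("worklight_enc_password=abc123\n"
          "certificate.password.enc=certificatepwd123\n"
          "wl.db.password.enc=edf545\n")
AFTER = ("certificate.password.enc=dR4lnMQDaNEQyLQl7b2RmpdE99HKpqaSJ6mce0uJgaY\\=\n"
         "wl.db.password.enc=6boxojGZsUNTXwOOGgI6dg\\=\\=\n")

def parse_properties(text):
    """Minimal key=value reader: skips comments, undoes backslash escapes."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = re.sub(r"\\(.)", r"\1", value.strip())
    return props

def looks_encrypted(value):
    """Heuristic (assumption): encrypted values are base64, as in the sample output."""
    try:
        return len(base64.b64decode(value, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False

def audit(text):
    """Return sorted (property, finding) pairs for the text of a properties file."""
    props, findings = parse_properties(text), []
    for key, value in props.items():
        if key == MASTER_KEY:
            findings.append((key, "master key stored in file"))
        elif key.endswith(".enc"):
            if not looks_encrypted(value):
                findings.append((key, "marked .enc but value does not look encrypted"))
            if key[:-4] in props:  # plain name is found first, .enc value is never used
                findings.append((key[:-4], "clear-text twin shadows .enc value"))
        elif SENSITIVE.search(key):
            findings.append((key, "sensitive value in clear text"))
    return sorted(findings)

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text))
```

A clear-text value that happens to be valid base64 passes the heuristic, so an empty result is not proof that every value was encrypted.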

