+

Search Tips | Advanced Search

Encrypting a parameter file

If the DOMAINNAME, USERNAME, and PASSWORD values in the [Services] stanza of a parameter file are not already encrypted, we can encrypt them by running the setmqipw utility.


About this task

Use the setmqipw utility to encrypt the DOMAINNAME, USERNAME, and PASSWORD values in the [Services] stanza of a parameter file, if they are not already encrypted. (These values might be encrypted if we have run the utility before.) setmqipw will also encrypt the QMGRPASSWORD and CLIENTPASSWORD values in the [SSLMigration] stanza of a parameter file.

This encryption means that, if you need a special domain account to configure IBM MQ (see Configure IBM MQ with the Prepare IBM MQ Wizard and Creating and setting up Windows domain accounts for IBM MQ), or you need to keep key database passwords secret, details are kept secure. Otherwise, these values, including the domain account password, flow across the network as clear text. You do not have to use this utility, but it is useful if security in your network is an issue.

To run the script:


Procedure

  1. From a command line, change to the folder that contains your parameter file.
  2. Enter the following command:
     CD_drive:\setmqipw
    
    Note: We can run the command from a different folder, by entering the following command, where parameter_file is the full path and file name of the parameter file:
     CD_drive:\setmqipw parameter_file
    


Results

If you view the resulting parameter file, the encrypted values start with the string mqm*. Do not use this prefix for any other values; passwords or names that begin with this prefix are not supported.

The utility creates a log file, setmqipw.log, in the current directory. This file contains messages related to the encryption process. When encryption is successful, messages are similar to:
Encryption complete
Configuration file closed
Processing complete


What to do next

After you encrypt the parameter file, we can use it in the normal way with the MQParms command (see Install the server using the MQParms command ).