Other files that can be encrypted

The files containing the PIN needed to access a certificate key or trust store, such as the ads-truststore.pin, keystore.pin, and truststore.pin files in the server’s config directory, can be encrypted.

If a command-line tool needs to read a password from a file, such as when using the --bindPasswordFile, --keyStorePasswordFile, or --trustStorePasswordFile arguments offered by LDAP-enabled tools, it should be able to read from encrypted files.

If a command-line tool supports obtaining default argument values from a properties file, such as from config/tools.properties, that properties file can be encrypted.

When writing its output to one or more files, the ldapsearch tool can encrypt the data as it is written.

When reading the set of changes to process, the ldapmodify and parallel-update tools can read those changes from encrypted LDIF files.

LDIF tools like ldifsearch, ldifmodify, and ldif-diff support reading from and writing to encrypted LDIF files.