---
title: Obfuscating keys and passwords
description: Using the API Behavioral Security (ABS) command line interface, you can obfuscate the keys and passwords configured in abs.properties.
component: pingintelligence
version: 5.1
page_id: pingintelligence:abs_ai_engine:pingintelligence_obfuscate_passwords
canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/abs_ai_engine/pingintelligence_obfuscate_passwords.html
revdate: April 3, 2024
section_ids:
  about-this-task: About this task
  steps: Steps
---

# Obfuscating keys and passwords

Using the API Behavioral Security (ABS) command line interface, you can obfuscate the keys and passwords configured in `abs.properties`.

## About this task

The keys and passwords obfuscated include:

* `mongo_password`

* `jks_password`

* `email_password`

ABS ships with a default `abs_master.key` which is used to obfuscate the keys and passwords. It is recommended to generate your own `abs_master.key`.

The following diagram summarizes the obfuscation process.

![A flowchart of the obfuscation process as described in the text.](../../5.2/_images/eij1588828809429.png)

## Steps

1. To obfuscate keys and passwords, [stop](pingintelligence_starting_stopping_abs.html) ABS.

2. To generate your `abs_master.key`, run the `generate_obfkey` ABS CLI command.

   ```
   /opt/pingidentity/abs/bin/cli.sh generate_obfkey -u admin -p admin
   Please take a backup of config/abs_master.key before proceeding.
   Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh -obfuscate_keys
   Warning: Obfuscation master key file
   /pingidentity/abs/config/abs_master.key already exists. This command will delete it and create a new key in the same file
   Do you want to proceed [y/n]: y
   Creating new obfuscation master key
   Success: created new obfuscation master key at /pingidentity/abs/config/abs_master.key
   ```

   The new `abs_master.key` is used to obfuscate the passwords in the `abs.properties` file.

   |   |                                                                                                                                                                                                                         |
   | - | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
   |   | After the keys and passwords are obfuscated, the `abs_master.key` must be moved to a secure location and not stored on ABS. In an ABS cluster, the `abs_master.key` must be manually copied to each of the cluster nodes. |

3. To obfuscate keys and passwords, enter the keys and passwords in clear text in the `abs.properties` file.

4. Run the `obfuscate_keys` command.

   ```
   /opt/pingidentity/abs/bin/cli.sh obfuscate_keys -u admin -p admin
   Please take a backup of config/abs.password before proceeding
   Enter clear text keys and passwords before obfuscation.
   Following keys will be obfuscated
   config/abs.properties: mongo_password, jks_password and email_password
   Do you want to proceed [y/n]: y
   obfuscating /pingidentity/abs/config/abs.properties
   Success: secret keys in /pingidentity/abs/config/abs.properties obfuscated
   ```

5. [Start ABS](pingintelligence_starting_stopping_abs.html) after passwords are obfuscated.
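
A post-procedure check for the steps above, as an added example that is not part of the Ping Identity documentation: it flags any of the three properties still in clear text and an `abs_master.key` left in the config directory. It assumes obfuscated values start with `OBF:` (not stated on this page; override with `OBF_PREFIX`), and `audit_abs_config` and `demo_audit` are hypothetical names.

```shell
#!/bin/sh
# Added example: post-obfuscation audit of an ABS config directory.
# ASSUMPTION: obfuscated values start with "OBF:" (not stated on this page).
OBF_PREFIX="${OBF_PREFIX:-OBF:}"

# Prints one line per finding; returns the number of findings (0 = clean).
audit_abs_config() {
    dir=$1
    props="$dir/abs.properties"
    findings=0
    [ -f "$props" ] || { echo "MISSING $props"; return 1; }
    for key in mongo_password jks_password email_password; do
        # Take the last uncommented assignment of the key.
        val=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$props" | tail -n 1)
        case "$val" in
            "")             ;;  # unset or empty: nothing to protect
            "$OBF_PREFIX"*) ;;  # carries the assumed obfuscation prefix
            *) echo "CLEARTEXT $key in $props"; findings=$((findings + 1)) ;;
        esac
    done
    # Per the note in step 2, abs_master.key must not stay on the ABS host.
    if [ -e "$dir/abs_master.key" ]; then
        echo "MASTER_KEY_PRESENT $dir/abs_master.key"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample data so the check can be tried without an ABS install.
demo_audit() {
    tmp=$(mktemp -d) || return 99
    printf '%s\n' 'mongo_password=OBF:constructed-sample' \
        'jks_password=changeit' 'email_password=' > "$tmp/abs.properties"
    : > "$tmp/abs_master.key"
    rc=0
    audit_abs_config "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# When run as a script, audit the config directory given as the first argument.
if [ "$#" -gt 0 ]; then audit_abs_config "$1"; fi
```

Run it with the ABS config directory as the argument after step 4 and before restarting ABS; a non-zero exit status is the number of findings.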
