--- title: Change default settings description: It is recommended that you change the default key and password in ASE. Following is a list of commands to change the default values: component: pingintelligence version: 5.1 page_id: pingintelligence:api_security_enforcer:pingintelligence_changing_default_settings canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/api_security_enforcer/pingintelligence_changing_default_settings.html revdate: April 3, 2024 section_ids: change-ase_master-key: Change ase_master.key change-keystore-password: Change keystore password change-admin-password: Change admin password --- # Change default settings It is recommended that you change the default key and password in ASE. Following is a list of commands to change the default values: ## Change ase\_master.key Run the following command to create your own ASE master key to obfuscate keys and password in ASE. **Command**: `generate_obfkey`. ASE must be stopped before creating a new `ase_master.key` ``` /opt/pingidentity/ase/bin/cli.sh admin generate_obfkey -u admin -p admin API Security Enforcer is running. Please stop ASE before generating new obfuscation master key ``` **Stop ASE**: Stop ASE by running the following command: ``` /opt/pingidentity/ase/bin/stop.sh -u admin –p admin checking API Security Enforcer status…sending stop request to ASE. please wait… API Security Enforcer stopped ``` **Change ase\_master.key**: Enter the `generate_obfkey` command to change the default ASE master key: ``` /opt/pingidentity/ase/bin/cli.sh -u admin -p admin generate_obfkey Please take a backup of config/ase_master.key, config/ase.conf, config/abs.conf, config/cluster.conf before proceeding Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh obfuscate_keys Warning: Obfuscation master key file /opt/pingidentity/ase/config/ase_master.key already exist. This command will delete it create a new key in the same file Do you want to proceed [y/n]: ``` After you change the `ase_master.key`, you need to obfuscate all keys and passwords with the new `ase_master.key`. Enter the keys and passwords in `ase.conf`, `abs.conf`, and `cluster.conf` in plain text and run the obfuscation commands. For more information on obfuscation, see [Obfuscate keys and passwords](pingintelligence_obfuscating_keys_and_passwords.html). **Start ASE**: After a new ASE master key is generated, start ASE by entering the following command: ``` /opt/pingidentity/ase/bin/start.sh Starting API Security Enforcer 4.1... please see /opt/pingidentity/ase/logs/controller.log for more details ``` ## Change keystore password You can change the keystore password by entering the following command. The default password is `asekeystore`. ASE must be running for updating the keystore password. **Command**: `update_keystore_password` ``` /opt/pingidentity/ase/bin/cli.sh update_keystore_password -u admin -p admin New password > New password again > keystore password updated ``` ## Change admin password You can change the default admin password by entering the following command. ``` /opt/pingidentity/ase/bin/cli.sh update_password -u admin Old password > New password > New password again > Password updated successfully ``` You can change the password on a single ASE node and propagate the change to other nodes in the ASE cluster. For more information, see [Propagate changed password](pingintelligence_delete_uuid.html). Any change in the ASE admin password must be updated in the PingIntelliegence for APIs Dashboard. Add the new password to `/webgui/config/webgui.properties` and obfuscate it.