PingIntelligence

Obfuscate passwords

Using the command line interface, you can obfuscate the keys and passwords configured in apipublish.properties. The following keys and passwords are obfuscated:

  • mongo_password

  • jks_password

API Publish service is shipped with a default apipublish_master.key which is used to obfuscate the various keys and passwords. It is recommended to generate your own apipublish_master.key. A default jks_password is configured in the apipublish.properties file. NOTE: During the process of obfuscation of keys and password, API Publish service must be stopped.

The following diagram summarizes the obfuscation process.

API Publish Service-Obfuscation flow

Generate apipublish_master.key

You can generate the apipublish_master.key by running the generate_obfkey command in the CLI:

/pingidentity/apipublish/bin/cli.sh generate_obfkey -u admin -p admin

The new apipublish_master.key is used to obfuscate the passwords in apipublish.properties file.

Obfuscate key and passwords

Enter the keys and passwords in clear text in apipublish.properties file. Run the obfuscate_keys command to obfuscate keys and passwords:

/pingidentity/apipublish/bin/cli.sh obfuscate_keys -u admin -p admin

Start API Publish service after passwords are obfuscated.

After the keys and passwords are obfuscated, the apipublish_master.key must be moved to a secure location.