---
title: Obfuscate passwords
description: Using the command line interface, you can obfuscate the keys and passwords configured in apipublish.properties. The following keys and passwords are obfuscated:
component: pingintelligence
version: 5.1
page_id: pingintelligence:pingintelligence_production_deployment:pingintelligence_api_publish_service_obfuscating_passwords
canonical_url: https://docs.pingidentity.com/pingintelligence/5.1/pingintelligence_production_deployment/pingintelligence_api_publish_service_obfuscating_passwords.html
revdate: March 21, 2024
section_ids:
  generate-apipublish_master-key: Generate apipublish_master.key
  obfuscate-key-and-passwords: Obfuscate key and passwords
---

# Obfuscate passwords

Using the command line interface, you can obfuscate the keys and passwords configured in `apipublish.properties`. The following keys and passwords are obfuscated:

* `mongo_password`

* `jks_password`

API Publish service is shipped with a default `apipublish_master.key` which is used to obfuscate the various keys and passwords. It is recommended to generate your own `apipublish_master.key`. A default `jks_password` is configured in the `apipublish.properties` file. NOTE: During the process of obfuscation of keys and password, API Publish service must be stopped.

The following diagram summarizes the obfuscation process.

![API Publish Service-Obfuscation flow](../_images/vxw1636544066014.png)

## Generate apipublish\_master.key

You can generate the `apipublish_master.key` by running the `generate_obfkey` command in the CLI:

```
/pingidentity/apipublish/bin/cli.sh generate_obfkey -u admin -p admin
```

The new `apipublish_master.key` is used to obfuscate the passwords in `apipublish.properties` file.

## Obfuscate key and passwords

Enter the keys and passwords in clear text in `apipublish.properties` file. Run the `obfuscate_keys` command to obfuscate keys and passwords:

```
/pingidentity/apipublish/bin/cli.sh obfuscate_keys -u admin -p admin
```

Start API Publish service after passwords are obfuscated.

|   |                                                                                                              |
| - | ------------------------------------------------------------------------------------------------------------ |
|   | After the keys and passwords are obfuscated, the `apipublish_master.key` must be moved to a secure location. |