---
title: Obfuscating passwords
description: Using the command line interface (CLI), you can obfuscate the keys and passwords configured in apipublish.properties.
component: pingintelligence
version: 5.2
page_id: pingintelligence:installing_pingintelligence_for_apis:pingintelligence_api_publish_service_obfuscating_passwords
canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/installing_pingintelligence_for_apis/pingintelligence_api_publish_service_obfuscating_passwords.html
revdate: April 3, 2024
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
  next-steps: Next steps
---

# Obfuscating passwords

Using the command line interface (CLI), you can obfuscate the keys and passwords configured in `apipublish.properties`.

## Before you begin

## About this task

The API Publish Service is shipped with a default `apipublish_master.key`, which is used to obfuscate the various keys and passwords. It is recommended to generate your own `apipublish_master.key`. A default `jks_password` is configured in the `apipublish.properties` file.

The following keys and passwords are obfuscated:

* `mongo_password`

* `jks_password`

|   |                                                                                                  |
| - | ------------------------------------------------------------------------------------------------ |
|   | During the process of obfuscation of keys and password, the API Publish Service must be stopped. |

The following diagram summarizes the obfuscation process.

![A diagram of the API Publish Service obfuscation flow.](../_images/vxw1636544066014.png)

## Steps

1. To generate the `apipublish_master.key`, run the `generate_obfkey` command in the CLI:

   ```
   /pingidentity/apipublish/bin/cli.sh generate_obfkey -u admin -p admin
   ```

   The new `apipublish_master.key` is used to obfuscate the passwords in `apipublish.properties` file.

2. Enter the keys and passwords in clear text in the `apipublish.properties` file.

3. Run the `obfuscate_keys` command to obfuscate keys and passwords:

   ```
   /pingidentity/apipublish/bin/cli.sh obfuscate_keys -u admin -p admin
   ```

4. After the passwords are obfuscated, start the API Publish Service.

## Next steps

|   |                                                                                                              |
| - | ------------------------------------------------------------------------------------------------------------ |
|   | After the keys and passwords are obfuscated, the `apipublish_master.key` must be moved to a secure location. |