PingIntelligence

Obfuscating passwords

Using the command line interface (CLI), you can obfuscate the keys and passwords configured in apipublish.properties.

Before you begin

About this task

The API Publish Service is shipped with a default apipublish_master.key, which is used to obfuscate the various keys and passwords. It is recommended to generate your own apipublish_master.key. A default jks_password is configured in the apipublish.properties file.

The following keys and passwords are obfuscated:

  • mongo_password

  • jks_password

During the process of obfuscation of keys and password, the API Publish Service must be stopped.

The following diagram summarizes the obfuscation process.

A diagram of the API Publish Service obfuscation flow.

Steps

  1. To generate the apipublish_master.key, run the generate_obfkey command in the CLI:

    /pingidentity/apipublish/bin/cli.sh generate_obfkey -u admin -p admin

    The new apipublish_master.key is used to obfuscate the passwords in apipublish.properties file.

  2. Enter the keys and passwords in clear text in the apipublish.properties file.

  3. Run the obfuscate_keys command to obfuscate keys and passwords:

    /pingidentity/apipublish/bin/cli.sh obfuscate_keys -u admin -p admin

  4. After the passwords are obfuscated, start the API Publish Service.

Next steps

After the keys and passwords are obfuscated, the apipublish_master.key must be moved to a secure location.