Using the PingIntelligence Dashboard command line interface, you can obfuscate the keys and passwords configured in dashboard.properties. The following keys and passwords are obfuscated:
- abs.access_key
- abs.secret_key
- es.password
Dashboard ships with a default dashboard_master.key
which is used to obfuscate
the keys and passwords. It is recommended to generate your own
dashboard_master.key.
The following diagram summarizes the obfuscation process:
Generate dashboard_master.key
You can generate the dashboard_master.key by running the generate_obfkey command in the Dashboard CLI:
/opt/pingidentity/dashboard/bin/cli.sh generate_obfkey -u admin -p
Password>
Please take a backup of config/dashboard_master.key before proceeding.
Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh obfuscate_keys
Warning: Obfuscation master key file /opt/pingidentity/dashboard/config/dashboard_master.key already exist. This command will delete it create a new key in the same file
Do you want to proceed [y/n]: y
creating new obfuscation master key
Success: created new obfuscation master key at /opt/pingidentity/dashboard/config/dashboard_master.key
Obfuscate key and passwords
Enter the keys and passwords in clear text in dashboard.properties file. Run the obfuscate_keys command to obfuscate keys and passwords:
/opt/pingidentity/dashboard/bin/cli.sh obfuscate_keys -u admin -p
Password>
Please take a backup of config/dashboard.properties before proceeding
Enter clear text keys and password before obfuscation.
Following keys will be obfuscated
config/dashboard.properties: abs.access_key, abs.secret_key and es.password
Do you want to proceed [y/n]: y
obfuscating /opt/pingidentity/dashboard/config/dashboard.properties
Success: secret keys in /opt/pingidentity/dashboard/config/dashboard.properties obfuscated
Start the Dashboard after passwords are obfuscated. For more information, see Start and stop Dashboard.