Obfuscate keys and passwords - PingIntelligence for APIs - 4.4

Obfuscate keys and passwords - PingIntelligence for APIs - 4.4 - 4.0

PingIntelligence

bundle

pingintelligence-44

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 4.4

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-44

pingintelligence

private

ContentType_ce

Page created: 6 Nov 2020 |

Page updated: 12 May 2021

| 2 min read

4.4 Capability API Security Advanced API Cybersecurity Linux On-Premises Operating System Hosting Environment PingIntelligence for APIs Product PingIntelligence 4.0

Using the PingIntelligence Dashboard command line interface, you can obfuscate the keys and passwords configured in dashboard.properties. The following keys and passwords are obfuscated:

abs.access_key
abs.secret_key
es.password

Dashboard ships with a default dashboard_master.key which is used to obfuscate the keys and passwords. It is recommended to generate your own dashboard_master.key.

Note: During the process of obfuscation of keys and password, Dashboard must be stopped. For more information, see Start and stop Dashboard.

The following diagram summarizes the obfuscation process:

Generate dashboard_master.key

You can generate the dashboard_master.key by running the generate_obfkey command in the Dashboard CLI:

/opt/pingidentity/dashboard/bin/cli.sh generate_obfkey -u admin -p
Password>

Please take a backup of config/dashboard_master.key before proceeding.

Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh obfuscate_keys

Warning: Obfuscation master key file /opt/pingidentity/dashboard/config/dashboard_master.key already exist. This command will delete it create a new key in the same file

Do you want to proceed [y/n]: y

creating new obfuscation master key
Success: created new obfuscation master key at /opt/pingidentity/dashboard/config/dashboard_master.key

Obfuscate key and passwords

Enter the keys and passwords in clear text in dashboard.properties file. Run the obfuscate_keys command to obfuscate keys and passwords:

/opt/pingidentity/dashboard/bin/cli.sh obfuscate_keys -u admin -p
Password>

Please take a backup of config/dashboard.properties before proceeding

Enter clear text keys and password before obfuscation.

Following keys will be obfuscated
 config/dashboard.properties: abs.access_key, abs.secret_key and es.password

Do you want to proceed [y/n]: y

obfuscating /opt/pingidentity/dashboard/config/dashboard.properties

Success: secret keys in /opt/pingidentity/dashboard/config/dashboard.properties obfuscated

Start the Dashboard after passwords are obfuscated. For more information, see Start and stop Dashboard.

Important: After the keys and passwords are obfuscated and the Dashboard has started, move the dashboard_master.key to a secure location away from the Dashboard for security reasons. Before restarting the Dashboard, the dashboard_master.key must be present in the /opt/pingidentity/dashboard/config/ directory.