Using ABS command line interface, you can obfuscate the keys and passwords configured in abs.properties. The following keys and passwords are obfuscated:
ABS ships with a default abs_master.key which is used to obfuscate the
various keys and passwords. It is recommended to generate your own
abs_master.key. The default
abs123 is configured in the
The following diagram summarizes the obfuscation process:
You can generate the abs_master.key by running the generate_obfkey command in the ABS CLI:
/opt/pingidentity/abs/bin/cli.sh generate_obfkey -u admin -p admin Please take a backup of config/abs_master.key before proceeding. Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh -obfuscate_keys Warning: Obfuscation master key file /pingidentity/abs/config/abs_master.key already exist. This command will delete it create a new key in the same file Do you want to proceed [y/n]: y creating new obfuscation master key Success: created new obfuscation master key at /pingidentity/abs/config/abs_master.key
The new abs_master.key is used to obfuscate the passwords in abs.properties file.
Obfuscate key and passwords
Enter the keys and passwords in clear text in abs.properties file. Run the obfuscate_keys command to obfuscate keys and passwords:
/opt/pingidentity/abs/bin/cli.sh obfuscate_keys -u admin -p admin Please take a backup of config/abs.password before proceeding Enter clear text keys and password before obfuscation. Following keys will be obfuscated config/abs.properties: mongo_password, jks_password and email_password Do you want to proceed [y/n]: y obfuscating /pingidentity/abs/config/abs.properties Success: secret keys in /pingidentity/abs/config/abs.properties obfuscated
Start ABS after passwords are obfuscated.