Using the command line interface, you can obfuscate the keys and passwords configured in The following keys and passwords are obfuscated:

  • mongo_password
  • jks_password

API Publish service is shipped with a default apipublish_master.key which is used to obfuscate the various keys and passwords. It is recommended to generate your own apipublish_master.key. A default jks_password is configured in the file.

Note: During the process of obfuscation of keys and password, API Publish service must be stopped.
The following diagram summarizes the obfuscation process.
API Publish Service-Obfuscation flow

Generate apipublish_master.key

You can generate the apipublish_master.key by running the generate_obfkey command in the CLI:

/pingidentity/apipublish/bin/ generate_obfkey -u admin -p admin

The new apipublish_master.key is used to obfuscate the passwords in file.

Obfuscate key and passwords

Enter the keys and passwords in clear text in file. Run the obfuscate_keys command to obfuscate keys and passwords:

/pingidentity/apipublish/bin/ obfuscate_keys -u admin -p admin

Start API Publish service after passwords are obfuscated.

Important: After the keys and passwords are obfuscated, the apipublish_master.key must be moved to a secure location.