Obfuscate passwords - PingIntelligence for APIs

Obfuscate passwords - PingIntelligence for APIs - 5.1

PingIntelligence

bundle

pingintelligence-51

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.1

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-51

pingintelligence

private

ContentType_ce

Using the command line interface, you can obfuscate the keys and passwords configured in apipublish.properties. The following keys and passwords are obfuscated:

mongo_password
jks_password

API Publish service is shipped with a default apipublish_master.key which is used to obfuscate the various keys and passwords. It is recommended to generate your own apipublish_master.key. A default jks_password is configured in the apipublish.properties file.

Note: During the process of obfuscation of keys and password, API Publish service must be stopped.

The following diagram summarizes the obfuscation process.
API Publish Service-Obfuscation flow

Generate apipublish_master.key

You can generate the apipublish_master.key by running the generate_obfkey command in the CLI:

/pingidentity/apipublish/bin/cli.sh generate_obfkey -u admin -p admin

The new apipublish_master.key is used to obfuscate the passwords in apipublish.properties file.

Obfuscate key and passwords

Enter the keys and passwords in clear text in apipublish.properties file. Run the obfuscate_keys command to obfuscate keys and passwords:

/pingidentity/apipublish/bin/cli.sh obfuscate_keys -u admin -p admin

Start API Publish service after passwords are obfuscated.

Important: After the keys and passwords are obfuscated, the apipublish_master.key must be moved to a secure location.