Obfuscating passwords - PingIntelligence for APIs

Obfuscating passwords - PingIntelligence for APIs - 5.2

PingIntelligence

bundle

pingintelligence-52

ft:publication_title

PingIntelligence

Product_Version_ce

PingIntelligence for APIs 5.2 (Latest)

category

APISecurity

AdvancedAPICybersecurity

Capability

Environment

Product

apisecurity

capability

linux

pi-52

pingintelligence

private

ContentType_ce

Using the command line interface (CLI), you can obfuscate the keys and passwords configured in apipublish.properties.

The API Publish Service is shipped with a default apipublish_master.key, which is used to obfuscate the various keys and passwords. It is recommended to generate your own apipublish_master.key. A default jks_password is configured in the apipublish.properties file.

The following keys and passwords are obfuscated:

mongo_password
jks_password

Note:

During the process of obfuscation of keys and password, the API Publish Service must be stopped.

The following diagram summarizes the obfuscation process.

A diagram of the API Publish Service obfuscation flow.

To generate the apipublish_master.key, run the generate_obfkey command in the CLI:
```
/pingidentity/apipublish/bin/cli.sh generate_obfkey -u admin -p admin
```
The new apipublish_master.key is used to obfuscate the passwords in apipublish.properties file.
Enter the keys and passwords in clear text in the apipublish.properties file.

Run the obfuscate_keys command to obfuscate keys and passwords:

/pingidentity/apipublish/bin/cli.sh obfuscate_keys -u admin -p admin

After the passwords are obfuscated, start the API Publish Service.

Important:

After the keys and passwords are obfuscated, the apipublish_master.key must be moved to a secure location.