11. Encrypting Properties/Variables
You can encrypt DataPower passwords or any other property used by DPBuddy or by Apache Ant. DPBuddy provides commands/tasks for encrypting and decrypting arbitrary values. These commands use the open-source Jasypt library.
Encrypted values have the format “ENC{encrypted value}”. When DPBuddy encounters this format in the “conf” file, it attempts to decrypt it automatically (unless the autoDecrypt property is set to false). For Ant properties (defined in a property file or using the property task), you must use the decrypt task documented below.
DataPower passwords (dp.password property) are always decrypted automatically.
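A check that can run before a “conf” or properties file is committed, shown here as an added example (it is not part of DPBuddy or its documentation): it reports sensitive-looking properties whose value is not wrapped in ENC{...}. The function name, the key-name patterns and the key=value / key: value line layout are assumptions, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: flag sensitive-looking properties that are not ENC{...}-wrapped.
# Assumes key=value or key: value lines; the key-name patterns are illustrative.

# Prints file:line:key per finding; returns 1 if any were found, else 0.
find_plaintext_secrets() {
    awk '
        /^[ \t]*$/ { next }                  # blank line
        /^[ \t]*(#|!|\/\/)/ { next }         # comment line
        {
            sep = match($0, /[=:]/)          # first "=" or ":" separates key and value
            if (sep == 0) next
            key = substr($0, 1, sep - 1)
            val = substr($0, sep + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t",]+$/, "", val)   # drop spaces, quotes, trailing comma
            if (tolower(key) !~ /password|passwd|secret/) next
            # Empty values and ${...} references are not literal secrets.
            if (val == "" || val ~ "^[$][{].*[}]$") next
            # Accept only a whole-value ENC{base64} wrapper.
            if (val !~ "^ENC[{][A-Za-z0-9+/]+=*[}]$") {
                printf "%s:%d:%s\n", FILENAME, FNR, key
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample input (not taken from the page or from DPBuddy itself).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
dp.url: https://dp.example.test:5550
dp.password: "ENC{Q29uc3RydWN0ZWQ=}"
keystore.passwd = changeit
api.secret=ENC{not base64!}
ldap.password=${env.LDAP_PW}
EOF

find_plaintext_secrets "$sample" || echo "unencrypted secret values found" >&2
```

The check only confirms the wrapper's shape; it does not verify that the value decrypts with the current master password.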
The key (a.k.a “master password”) used for encryption/decryption must be provided externally. It can be specified as an environment variable or as a JVM system property.
To obtain the master password, DPBuddy first checks the environment variable DP_MASTER_PASSWORD. If it’s not defined, it checks the dp.master.password JVM system property. If the property is not defined and the value is encrypted, DPBuddy will raise an error.
You can set a JVM system property using the DPBUDDY_OPTS or ANT_OPTS environment variable. E.g.:
export ANT_OPTS="-Xms256m -Xmx1648m -Ddp.master.password=master_secret"
11.1. encrypt
Encrypts the provided value using the available master password and prints the encrypted value to standard out. The printed output can then be manually copied and saved in a “conf” file or in a properties file.
11.1.1. Attributes/Options
Name | Description | Required |
---|---|---|
value | Value to encrypt. | Yes |
passwd | Encryption key/password. If not provided, the command will use the value from DP_MASTER_PASSWORD environment variable or dp.master.password system property. If both are missing, an error will be raised. | No |
11.1.2. Examples
dpbuddy encrypt -value secret_password
11.2. decrypt
Decrypts the provided value using the available master password and saves the decrypted value in the property specified by the property attribute. If used from the command line, prints the decrypted value to standard out.
11.2.1. Attributes/Options
Name | Description | Required |
---|---|---|
encrypted | Encrypted value to decrypt. Must be in the format “ENC{encrypted value}”. | Yes |
passwd | Decryption key/password. If not provided, the command will use the value from DP_MASTER_PASSWORD environment variable or dp.master.password system property. If both are missing, an error will be raised. | No |
property | Name of Ant property to populate with the decrypted value | No |
11.2.2. Examples
<property name="encr.prop" value="ENC{r5MmGcyzV01h1ErKUx6/uA==}" />
<dp:decrypt property="decrypted" encrypted="${encr.prop}" />