encrypt icon

Encryption and Obfuscation of Properties

Version: 17.07

Encryption and obfuscation can be used in IMonitor-X configurations to prevent specifying sensitive parameter values such as passwords in plain text. The following sections illustrates about the utilities provided with IMonitor-X for these operations and their usage.

Encryption

In IMonitor-X, the application configuration properties (i.e. properties defined in resources/application.properties file) can be specified as encrypted values instead of plain text. This can be useful for sensitive properties such as database user password, LDAP password, etc.

IMonitor-X distribution contains a shell script utility that can be used to encrypt these property values easily by following the below steps.

  1. Navigate to IMonitor-X directory and run the encryption utility

sh bin/encrypt.sh

  1. First provide the value to be encrypted and then followed by the master password to be used for encryption.

----------------- Adroitlogic Property Encryption Utility -----------------

Value to be encrypted: myDBPassword (1)
Master password: APP_PASSWORD (2)
1 This is the sensitive property value to be encrypted (e.g. Database password)
2 This is the master password to be used for encryption. Please note that the same master password must be used for all encryption operations and the same should be specified as MASTER_PASSWORD in the jetty.sh startup script. 
MASTER_PASSWORD=APP_PASSWORD

usage()
{
...

  1. This will generate an output similar to below.

----ENVIRONMENT-----------------

Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 25.112-b16

----ARGUMENTS-------------------

input: myDBPassword
password: APP_PASSWORD

----OUTPUT----------------------

Wv1LCmNsJ2ERxaEFJKFoPofFW+QLUGbx

Copy the output value, enclose it inside ENC() and specify the resulting value in application.properties file.

Example
spring.datasource.password = ENC(Wv1LCmNsJ2ERxaEFJKFoPofFW+QLUGbx)

Obfuscation

In IMonitor-X, the Jetty server configuration properties (i.e. properties defined in etc/jetty.conf file) can be specified as obfuscated values instead of plain text. This can be useful for sensitive properties such as keystore password, truststore password, etc.

IMonitor-X distribution contains a shell script utility that can be used to obfuscate these property values easily by following the below steps.

  1. Navigate to IMonitor-X directory and run the obfuscation utility

sh bin/obfuscate.sh

  1. First provide the value to be obfuscated and then followed by the name of the OS user account under which the application will be executed.

----------------- Adroitlogic Property Obfuscator Utility -----------------

Value to be obfuscated: myKeyStorePassword (1)
Username: adrt (2)
1 This is the sensitive property value to be obfuscated (e.g. Database password)
2 This is the name of the OS user account under which the application will be executed

  1. This will generate an output similar to below.

OBF:1v8s1vg11vgt1v9u
MD5:2b1f399b9c4f7e15dfe4532f65c945be
CRYPT:myhCBEXB/bj9.

Copy the obfuscated value (the line starting with OBF) and specify it as the property value in configuration file.

Example
jetty.sslContext.keyStorePassword=OBF:1v8s1vg11vgt1v9u
In this topic
In this topic
(c) Copyright 2016-2017 AdroitLogic. All rights reserved.
Terms of Use
Contact Us