This topic describes how to encrypt sensitive properties in the
SkyVault-global.properties configuration file.
1. Run the SkyVault Encrypted Properties Management Tool.
   - Navigate to the <ALFRESCO_HOME>/bin directory.
   - Locate the SkyVault Encrypted Properties Management Tool, SkyVault-spring-encryptor.jar.
   - Run the executable jar file.
       java -jar SkyVault-spring-encryptor.jar
2. Generate the public and private keys using the initkey function. The public and private key pair is stored in the enterprise directory.
       java -jar SkyVault-spring-encryptor.jar initkey c:/alfresco/tomcat/shared/classes
   You now have a public key (SkyVaultSpringKey.pub) and a private key (SkyVaultSpringKey.pri) in your <ALFRESCO_HOME>/tomcat/shared/classes/alfresco/extension/enterprise directory.
   Note: The private key file should be secured with operating system permissions so that only the SkyVault process can read it.
   Note: Anyone can encrypt new values with the public key, but only the SkyVault process can read the plain text value with the private key.
3. Generate the encrypted string for your password/value using the encrypt function.
       java -jar SkyVault-spring-encryptor.jar encrypt c:/alfresco/tomcat/shared/classes <password>
   Note: In the above command, remember to replace <password> with the actual password that you want to encrypt.
4. Validate that the encrypted value obtained in Step 3 will decrypt the password.
   - Run the validate function.
       java -jar SkyVault-spring-encryptor.jar validate c:/alfresco/tomcat/shared/classes <encrypted value>
     Note: In the above command, remember to replace <encrypted value> with the encrypted string value obtained in Step 3.
   - You will be prompted to specify the value. Enter the password/value you want to encrypt.
   - You will be prompted to specify the value again. Enter the password/value you want to encrypt.
   - Run the validate function.
5. Add the encrypted password to the <ALFRESCO_HOME>/tomcat/shared/classes/alfresco-encrypted.properties file.
       db.password.enc=ENC(<enter encrypted password here>)
   For example:
       db.password.enc=ENC(QcAf1Lr81meuP2p6Lu9ZQqFY1AsCfoWd)
   Note: Uncomment the db.password.enc property by removing the "#" character.
6. Set the value of the db.password property in the SkyVault-global.properties file to point to the db.password.enc property in the SkyVault-encrypted.properties file.
       db.password=${db.password.enc}
   Note: Uncomment the db.password property by removing the "#" character.
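
A post-configuration check for the procedure above, added here as an example and not part of the SkyVault tooling: it confirms that db.password points at ${db.password.enc}, that db.password.enc is an uncommented ENC(...) value rather than the unfilled template, and that the private key file is not accessible to group or other users. The function names, the simplified properties parsing and the constructed sample files are assumptions; the file names are the ones used on this page, and the permission check does not verify which account owns the key.

```python
import os, re, stat, tempfile

# ENC(...) wrapper around a non-empty value; rejects the unfilled <...> template.
ENC_RE = re.compile(r"^ENC\((?!<)[^()\s]+\)$")

def load_props(path):
    """Minimal reader: key=value lines only; '#' and '!' lines are comments."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if line and line[0] not in "#!" and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def audit(global_file, encrypted_file, private_key):
    """Return findings; an empty list means the steps above were applied."""
    findings = []
    if load_props(global_file).get("db.password") != "${db.password.enc}":
        findings.append("db.password does not reference ${db.password.enc}")
    if not ENC_RE.match(load_props(encrypted_file).get("db.password.enc", "")):
        findings.append("db.password.enc is not an uncommented ENC(...) value")
    if os.name == "posix":  # permission bits are only meaningful on POSIX
        mode = stat.S_IMODE(os.stat(private_key).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("private key readable beyond its owner: mode %o" % mode)
    return findings

def demo(global_text, encrypted_text, key_mode):
    """Build constructed sample files in a temp directory and audit them."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("SkyVault-global.properties",
                 "alfresco-encrypted.properties", "SkyVaultSpringKey.pri")]
        for path, text in zip(paths, (global_text, encrypted_text, "constructed key\n")):
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        os.chmod(paths[2], key_mode)
        return audit(*paths)

# Constructed inputs: steps skipped (plaintext value, property still commented out).
BAD = demo("db.password=PlaintextExample\n",
           "#db.password.enc=ENC(<enter encrypted password here>)\n", 0o644)
# Constructed inputs: steps applied, using the sample value shown on the page.
GOOD = demo("db.password=${db.password.enc}\n",
            "db.password.enc=ENC(QcAf1Lr81meuP2p6Lu9ZQqFY1AsCfoWd)\n", 0o600)

if __name__ == "__main__":
    print("BAD:", BAD)
    print("GOOD:", GOOD)
```

To check a real installation, call audit() with the paths to your own properties files and private key.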