Encrypting configuration properties

You can encrypt sensitive properties in the SkyVault-global.properties configuration file.
  1. Run the SkyVault Encrypted Properties Management Tool.
    1. Navigate to <ALFRESCO_HOME>/bin directory.
    2. Locate the SkyVault Encrypted Properties Management Tool, SkyVault-spring-encryptor.jar.
    3. Run the executable jar file.

      java -jar SkyVault-spring-encryptor.jar

  2. Generate the public and private keys using the initkey function. The public and private key pair is stored in the enterprise directory.

    java -jar SkyVault-spring-encryptor.jar initkey c:/alfresco/tomcat/shared/classes

    You now have a public key (SkyVaultSpringKey.pub) and a private key (SkyVaultSpringKey.pri) in your <ALFRESCO_HOME>/tomcat/shared/classes/alfresco/extension/enterprise directory.

    Note: The private key file should be secured with operating system permissions so that only the SkyVault process can read it.
    Note: Anyone can encrypt new values with the public key but only the SkyVault process can read the plain text value with the private key.
  3. Generate the encrypted string for your password/value using the encrypt function.

    java -jar SkyVault-spring-encryptor.jar encrypt c:/alfresco/tomcat/shared/classes <password>
    Note: In the above command, remember to replace <password> with the actual password that you want to encrypt.
  4. Validate that the encrypted value obtained in Step 3 will decrypt the password.
    1. Run the validate function.

      java -jar SkyVault-spring-encryptor.jar validate c:/alfresco/tomcat/shared/classes <encrypted value>
      Note: In the above command, remember to replace <encrypted value> with the encrypted string value obtained in Step 3.
    2. You will be prompted to specify the value. Enter the password/value you want to encrypt.
    3. You will be prompted to specify the value again. Enter the password/value you want to encrypt.

  5. Add the encrypted password to the <ALFRESCO_HOME>/tomcat/shared/classes/alfresco-encrypted.properties file.

    db.password.enc=ENC(<enter encrypted password here>)

    db.password.enc=ENC(QcAf1Lr81meuP2p6Lu9ZQqFY1AsCfoWd)
    Note: Uncomment the db.password.enc property by removing the "#" character.
  6. Set the value of the db.password property in the SkyVault-global.properties file to point to the db.password.enc property in the SkyVault-encrypted.properties file.

    db.password=${db.password.enc}
    Note: Uncomment the db.password property by removing the "#" character.
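
One way to check the outcome of Steps 2, 5 and 6, as an added example that is not part of the original documentation or of the SkyVault tooling: a POSIX shell function that verifies the private key is not accessible to group or other users, that db.password.enc is uncommented and wrapped in ENC(...), and that db.password references it instead of holding a literal. The function name and the three path arguments are assumptions, and it assumes a Unix-like host, whereas the commands above show Windows-style paths.

```shell
#!/bin/sh
# Added example (hypothetical helper, not shipped with the product).
# Usage: sh audit.sh <private-key-file> <encrypted-properties> <global-properties>

# Prints one finding per line and returns the number of findings (0 = clean).
audit_encrypted_props() {
    key=$1 enc=$2 global=$3 findings=0

    # Step 2 note: only the owning (service) account may access the private key.
    # Columns 5-10 of the ls mode string are the group and other permission bits.
    if [ ! -f "$key" ]; then
        echo "MISSING private key: $key"
        findings=$((findings + 1))
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "PERMS group/other can access private key: $key"
        findings=$((findings + 1))
    fi

    # Step 5: db.password.enc must be uncommented and wrapped in ENC(...).
    if ! grep -Eq '^[[:space:]]*db\.password\.enc[[:space:]]*=[[:space:]]*ENC\(.+\)[[:space:]]*$' \
            "$enc" 2>/dev/null; then
        echo "ENC no active db.password.enc=ENC(...) line in: $enc"
        findings=$((findings + 1))
    fi

    # Step 6: db.password must reference the encrypted property, not a literal.
    # The last uncommented assignment is taken; the value itself is never printed.
    val=$(sed -n 's/^[[:space:]]*db\.password[[:space:]]*=[[:space:]]*//p' "$global" \
            2>/dev/null | sed 's/[[:space:]]*$//' | tail -n 1)
    case $val in
        '${db.password.enc}') ;;
        '') echo "UNSET no active db.password line in: $global"
            findings=$((findings + 1)) ;;
        *)  echo "PLAINTEXT db.password is a literal value in: $global"
            findings=$((findings + 1)) ;;
    esac

    return "$findings"
}

# Run the audit only when the three paths are supplied on the command line.
if [ "$#" -eq 3 ]; then
    audit_encrypted_props "$@"
fi
```

A non-zero exit status equals the number of findings, so the script can gate a deployment step.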