Secret encryption

This topic describes the mfcEncryptPassword batch script and how to manage your secret configurations to ensure the security of your encrypted data.

Secret Configuration Maintenance

The encryption of secrets is based on a list of secret configurations. Any secret encrypted with one of these configurations can be decrypted. A secret is encrypted using the current configuration. You can manage the secret configurations using the following commands from mfcMaintenance.jar:

  • generateFileKeySecretConfiguration: Generates a new configuration if the file does not already exist. To create a new configuration in addition to the existing ones within the configuration file, use the -force flag. This action sets the current configuration to the newly created configuration.

  • showSecretConfigurations: Shows all secret configurations.

  • removeSecretConfiguration: Removes one of the secret configurations. You cannot remove the current configuration.

Caution: Secrets that were encrypted with the deleted key cannot be decrypted.


mfcEncryptPassword script

This section describes how to encrypt passwords and secrets for different configurations using the mfcEncryptPassword utility, so that the secrets are not kept in plain-text form.

Preparation:

Put the password you want to encrypt in a text file. This ensures that your password is not preserved in the command history.

You can also enter the password on the command line while using the utility. This applies to both isolated and secure systems.

To encrypt a password using the mfcEncryptPassword script:

  1. Open a terminal (cmd for Windows and bash for Linux).

  2. Run: cd <install-dir>\Utilities

  3. Run: mfcEncryptPassword

    If you already keep the password in a text file, do the following:

    • Windows:

      type c:\path\to\passwordfile.txt|mfcEncryptPassword.bat

    • Linux:

      cat /path/to/passwordfile|mfcEncryptPassword.sh

    If you want to provide the password in the command line, do the following:

    • Windows:

      echo mypassword|mfcEncryptPassword.bat

    • Linux:

      echo mypassword|mfcEncryptPassword.sh

  4. Check the encrypted password generated by the utility. It is a long text like the following:

    8ELkTHN5wsW+pG09A....jr/jOi/IRJkV36tN77bE

  5. Copy and paste the encrypted password to the required configuration, replacing the plain-text password or secret.
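
A Linux wrapper for the file-based method above, as an added example that is not part of the product: it reads the password with terminal echo off into a file only the owner can access, pipes that file to the script, and deletes it afterwards. The function names and the ENCRYPT_CMD variable are assumptions; the only behaviour taken from this page is that mfcEncryptPassword.sh reads the password from standard input.

```shell
#!/bin/sh
# Added example, not shipped with the product. ENCRYPT_CMD is an assumption:
# set it to <install-dir>/Utilities/mfcEncryptPassword.sh.
ENCRYPT_CMD="${ENCRYPT_CMD:-./mfcEncryptPassword.sh}"

# prompt_secret_file FILE
# Read one line from the terminal with echo off and store it in FILE (0600),
# so the password is never typed as part of a command line.
prompt_secret_file() {
    printf 'Password: ' >&2
    trap 'stty echo' INT TERM
    stty -echo
    # printf is a builtin in bash and dash; a trailing newline is written to
    # match what the page's own "echo mypassword|..." form sends.
    ( umask 077 && IFS= read -r line && printf '%s\n' "$line" > "$1" )
    rc=$?
    stty echo
    trap - INT TERM
    printf '\n' >&2
    return "$rc"
}

# encrypt_secret_file FILE
# Refuse a file that group or others can access, pipe it to the encryption
# script on stdin, print the encrypted value, then delete the plain-text file.
encrypt_secret_file() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing $file: group/other permissions are '$mode'" >&2
        return 3
    fi
    # The plain-text file is kept if encryption fails, so nothing is lost.
    out=$("$ENCRYPT_CMD" < "$file") || { rc=$?; echo "encryption failed" >&2; return "$rc"; }
    rm -f "$file"
    printf '%s\n' "$out"
}
```

Typical use after sourcing the file: `prompt_secret_file ./pw.txt && encrypt_secret_file ./pw.txt`. A file that already exists with wider permissions is rejected instead of being encrypted.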
