Password encryption

By default, Service Virtualization encrypts sensitive data such as passwords, stored in agent configuration files, or database credentials. If necessary, you can also encrypt virtual service credentials saved in virtualization projects. You can also encrypt project archives files (.vproja) or service template files (.vstz) .

Service Virtualization encrypts data for the following application components:

Service Virtualization Server encryption During Server installation, a random encryption password is generated (unless one already exists from a previous installation). The password is stored for the Windows system account user and used for all server encryptions.
Designer/Embedded Server encryption During Designer installation, or if you are running the Designer for the first time, a random encryption password is generated (unless one already exists from a previous installation). Each Windows user running the Designer has their own password. This password is used to encrypt sensitive data such as agent configurations, database credentials, and REST management configuration.
Project encryption

You can define a password for encrypting virtualization projects, virtualization project archives, and virtual service templates. For other users to open the encrypted entities, you must provide them with the encryption password.

Protecting sensitive data in your virtualization projects

When you start Designer for the first time, it will prompt you for a default project password. When you supply the password, all new virtualization projects will use this password to encrypt virtual service credentials when stored locally on the disk.

You can change the default project encryption password at a later time in the Options dialog box. In the Designer, select Tools > Options > Projects and Solutions.

Note: Changing the password does not affect any existing virtualization projects.

If you attempt to open a project with encrypted data, and the Designer is unable to decrypt it, you will be prompted for a password.

Note: The Designer remembers each project password, so you won’t have to supply the password again.

You can also change the project password directly from the Virtualization Explorer. In the Virtualization Explorer, select the project, and choose Change Encryption Password from the right-click menu.

Back to top

Protecting sensitive data in your virtualization project exports

When you export a virtualization project, you specify whether the archive file (.vproja ) should be protected by a password. You can specify how to protect the file: No password, Current project password, or a Custom password.

For other users to use the service template, you must provide them with the encryption password.

Back to top

Protecting sensitive data in your virtualization service templates

When you save a virtual service template you have to specify whether or not the template (.vstz file) should be protected by a password. You can specify how to protect the file: No password, Current project password, or a Custom password.

For other users to use the service template, you must provide them with the encryption password.

Back to top

Using encrypted passwords in SV configuration files

You may want to use encrypted passwords in Service Virtualization configuration files, in place of regular text passwords. You may also want to modify existing passwords stored in the files, for example, the REST management endpoint, agent configuration files, or database credentials stored in the registry.

To add or edit encrypted passwords, manually edit the configuration files:

  1. Generate an encrypted password using the Service Virtualization Configuration Tool. For details, see Generating an encrypted password.

  2. In the file you want to configure:

    1. Add the enc- attribute to the relevant file.
    2. Replace "xxxx" with the encrypted password string generated by the Configuration Tool.

    For example:

    Windows

    Unencrypted:

    		 
    <restManagementServiceConfiguration certificatePath="..\..\
    ConfigurationTools\certificates\server-cert.p12" 
   certificatePassword="changeit" />
    Encrypted: 
    <restManagementServiceConfiguration certificatePath="..\..\
    ConfigurationTools\certificates\server-cert.p12" 
   enc-certificatePassword="xxxx" />
    Linux
    Unencrypted: 
    <restManagementServiceConfiguration certificatePath="/etc/
    sv-server/certificates/server-cert.p12" 
   certificatePassword="changeit" 
    url="https://+:6085/management" aclEnabled="true"/>
    Encrypted: 
    <restManagementServiceConfiguration certificatePath="/etc/
    sv-server/certificates/server-cert.p12"
       enc-certificatePassword="xxxx" 
    url="https://+:6085/management" aclEnabled="true"/>

Back to top

Generating an encrypted password

You can generate an encrypted password string using the Service Virtualization Configuration Tool.

  1. Navigate to the Service Virtualization Server or Designer installation directory’s bin folder.

  2. Run the ConfigTool utility, using the enc-printEncryptedValue option to generate an encryption string:

    Windows

    From the command line, navigate to the Service Virtualization Server or Designer installation directory’s \bin folder, and run:
    ConfigTool.exe enc-printEncryptedValue ["server"| "designer"] [value]

    where

    ["server"|"designer"] = Specify whether to use the encryption password from the server or designer. The tool takes the relevant password from the system credential store, where it was stored during installation.

    [value] = the password you want to encrypt, for example a certificate password.

    Example:

    Run C:\Program Files\Micro Focus\Service Virtualization Server\Server\bin>ConfigTool.exe enc-printEncryptedValue "designer" mySecret

    where

    "designer = use the designer encryption password.

    mySecret = the password to encrypt.
    Linux

    sv-ConfigTool enc-printEncryptedValue ["server"] [value]

    ["server"] = Use the encryption password from the server (the designer option is only available for Windows). The tool takes the password from the system credential store, where it was stored during installation.

    [value] = the password you want to encrypt, for example a certificate password.

    Example:  

    Run sv-ConfigTool enc-printEncryptedValue "server" mysecret

    where

    "server" = use the server's encryption password.

    mysecret = the password to encrypt.

    An encrypted password string is generated for the password and displayed.

  3. Copy the encrypted password string into the file you want to edit.

Back to top

See also: