Password Encryption

You can encrypt sensitive data stored in Service Virtualization, such as passwords stored in agent configuration files or in the Service Virtualization Credential Store.

Service Virtualization encrypts data using a password that you provide. You can enable password encryption by defining an encryption password for the following application components:

Service Virtualization Server encryption During server installation, you can select the server encryption option, and define a password to use for encryption. The password is stored for the Windows system account user, and used for all server encryption.
Designer/Embedded Server encryption During Designer installation, or if you are running the Designer for the first time, you can define a password for encrypting sensitive information stored in the server. Each Windows user running the Designer can define an encryption password, used to encrypt their own data and configuration information.
Project encryption

You can define a password for encrypting virtualization projects. When you export a virtualization project and a .vproja project archive file is created, the project is encrypted using the encryption password. For other users to open the exported project, you must provide them with the encryption password.

This section includes:

Using Encrypted Passwords in Service Virtualization Configuration Files

You may want to use encrypted passwords in Service Virtualization configuration files, in place of regular text passwords. You may also want to modify existing passwords stored in the files. For example, for the REST management endpoint, the Agent configuration files, or database credentials stored in the registry.

To add or edit encrypted passwords, manually edit the configuration files:

  1. Generate an encrypted password using the Service Virtualization Configuration Tool. For details, see Generating an Encrypted Password.

  2. In the file you want to configure:

    1. add the enc- attribute to the relevant file.

    1. Replace "xxxx" with the encrypted password string generated by the Configuration Tool.

    For example:

    Windows

    Unencrypted:

    <restManagementServiceConfiguration certificatePath="..\..\
        ConfigurationTools\certificates\server-cert.p12" 
       certificatePassword="changeit" openFirewall="true" />
    Encrypted:
    <restManagementServiceConfiguration certificatePath="..\..\
        ConfigurationTools\certificates\server-cert.p12" 
       enc-certificatePassword="xxxx"openFirewall="true" />
    Linux
    Unencrypted:
    <restManagementServiceConfiguration certificatePath="/etc/
        hpe-sv-server/certificates/server-cert.p12" 
       certificatePassword="changeit" openFirewall="false" 
        url="https://+:6085/management" aclEnabled="true"/>
    Encrypted:
    <restManagementServiceConfiguration certificatePath="/etc/
        hpe-sv- server/certificates/server-cert.p12"
    enc-certificatePassword="xxxx" openFirewall="false" url="https://+:6085/management" aclEnabled="true"/>

Generating an Encrypted Password

You can generate an encrypted password string using the Service Virtualization Configuration Tool on Windows.

  1. From the command line, navigate to the Service Virtualization Server or Designer installation directory’s \bin folder, and run ConfigTool.exe.
  2. Run the ConfigTool utility, using the enc-printEncryptedValue option to generate an encryption string:

    Windows

    From the command line, navigate to the Service Virtualization Server or Designer installation directory’s \bin folder, and run:
    ConfigTool.exe enc-printEncryptedValue ["server"| "designer"] [value]

    where

    ["server"|"designer"] = Specify whether to use the encryption password from the server or designer. The tool takes the relevant password from the system credential store, where it was stored during installation.

    [value] = the password you want to encrypt, for example a certificate password.

    Example:

    Run C:\Program Files\HPE\HPE Service Virtualization Server\Server\bin>ConfigTool.exe enc-printEncryptedValue "designer" mySecret

    where

    "designer = use the designer encryption password.

    mySecret = the password to encrypt.

    Linux

    sv-ConfigTool enc-printEncryptedValue ["server"] [value]

    ["server"] = Use the encryption password from the server (the designer option is only available for Windows). The tool takes the password from the system credential store, where it was stored during installation.

    [value] = the password you want to encrypt, for example a certificate password.

    Example:  

    Run sv-ConfigTool enc-printEncryptedValue "server" mysecret

    where

    "server" = use the server's encryption password.

    mysecret = the password to encrypt.

    An encrypted password string is generated for the password and displayed.

  3. Copy the encrypted password string into the file you want to edit.

Changing the Service Virtualization Server Encryption Password on Windows

If you want to change the Service Virtualization Server's or Designer's encryption password entered during installation, use the Windows Credential Manager.

Caution: If you change the encryption password, Service Virtualization will not be able to read encrypted information that was encrypted using the previous password. To correct this, use the Configuration Tool to modify the encrypted passwords.