Hi, Paul
There is an password encoder tool under {profile}\bin directory called PropFilePasswordEncoder.
It will encode a plain text password using the encoding configured with the WebSphere. ({xor} by default)
You could specify the encoded password in the script.
Steps to encode a plain text passwordThe tool needs a file that contains the password in following format (property=password)
For example, I created "paulspwd.txt" as follows, that contains "
pauls-secret" as the password to obfuscate.
C:\WAS855ND\profiles\Dmgr01\bin>type paulspwd.txt
password=pauls-secret
Then run the command on the file specifying the property associated with the password.
C:\WAS855ND\profiles\Dmgr01\bin>PropFilePasswordEncoder.bat paulspwd.txt password
After the command finishes, please open the file again. It is encoded as follows.
C:\WAS855ND\profiles\Dmgr01\bin>type paulspwd.txt
password=
{xor}Lz4qMyxyLDo8LTor <= Encoded!
The password should work in the configuration xml files where password is specified.
For more information, please check out the following page.
Securing passwords in files
Thanks!
------------------------------
Hiroko Takamiya
IBM
------------------------------
Original Message:
Sent: Thu June 03, 2021 11:52 AM
From: Paul Fearon
Subject: Obfuscating or protecting passwords in files when building WebSphere
Hi,
I am using wsadmin (I know I just said in another thread I would avoid it if possible but it's not possible here) and I am looking to script the security configuration. So the command is:
wsadmin -f security.py
In Security.py there is a line:
AdminTask.addIdMgrLDAPServer('[-id ToyTown -host ToyTown.com -bindAuthMechanism simple -bindDN me@ToyTown.com -bindPassword password -referal ignore -sslEnabled true -ldapServerType AD -sslConfiguration -certificateMapMode exactdn -certificateFilter -authentication simple -port 636]')
Since this is stored in scripts is there anyway to protect, hide or obfuscate the password value?
Thanks,
Paul
------------------------------
Paul Fearon
------------------------------