Encrypting the shared secret on the Controller

Values in the Controller configuration file are stored as plain text. You can encrypt the passwords, authentication tokens, and other values for the following properties:

  • client_auth_token

  • lim_license_pool_password

  • lim_proxy_password

  • lim_proxy_user

  • smtp_auth_pass

  • ssc_ctrl_account_username

  • ssc_ctrl_account_password

  • ssc_scancentral_ctrl_secret

  • swagger_password

  • swagger_username

  • worker_auth_token

To encrypt a shared secret on the Controller:

  1. At the command prompt, type the following:

    <controller_install_dir>/bin/pwtool <pwtool_keys_file>

  2. When prompted, type the password to encode, and then press Enter.

    For the sake of security, make sure that the pwtool key file you use to encrypt secrets for the Controller is different from the pwtool key file you use to encrypt secrets on sensors.

    The pwtool generates a new key and stores it in the file at the path specified in step 1, or reuses the existing key file if one is already present at that path.

  3. Copy the encrypted secret, and paste it as the value for the property you want to encrypt in the config.properties file.

    OpenText recommends that you assign separate, unique shared secrets for the client_auth_token, smtp_auth_pass, ssc_scancentral_ctrl_secret, and worker_auth_token properties.

  4. To create additional encrypted shared secrets, repeat steps 1 through 3 for each property value you want to encrypt.

  5. Uncomment the following property in the config.properties file:

    pwtool_keys_file=<pwtool_keys_file>

  6. Save and close the config.properties file.
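
An added example, not part of the OpenText documentation or product: a Python check that a reviewer could run over config.properties after completing the steps above. It confirms that pwtool_keys_file is uncommented when any of the listed properties is set, and that the four properties recommended to have unique secrets do not share a stored value. The function names, the simplified properties parsing, and the sample file contents are assumptions made for illustration.

```python
import re
# Property names taken from the page's list of values that can be encrypted.
SENSITIVE = {
    "client_auth_token", "lim_license_pool_password", "lim_proxy_password",
    "lim_proxy_user", "smtp_auth_pass", "ssc_ctrl_account_username",
    "ssc_ctrl_account_password", "ssc_scancentral_ctrl_secret",
    "swagger_password", "swagger_username", "worker_auth_token",
}
# Properties the page says should each get a separate, unique shared secret.
MUST_DIFFER = ("client_auth_token", "smtp_auth_pass",
               "ssc_scancentral_ctrl_secret", "worker_auth_token")

def parse_properties(text):
    """Simplified parse (assumption): key=value or key:value, # and ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def audit(text):
    """Return a list of findings for the body of a Controller config.properties."""
    props = parse_properties(text)
    findings = []
    in_use = sorted(k for k in SENSITIVE if props.get(k))
    # Step 5: the key file property must be uncommented when secrets are set.
    if in_use and not props.get("pwtool_keys_file"):
        findings.append("pwtool_keys_file is commented out or empty")
    # Step 3 recommendation: these properties must not share one stored value.
    seen = {}
    for key in MUST_DIFFER:
        value = props.get(key)
        if value and value in seen:
            findings.append(f"{key} has the same value as {seen[value]}")
        elif value:
            seen[value] = key
    return findings

# Constructed sample, not from a real installation; all values are placeholders.
SAMPLE = """\
# pwtool_keys_file=/opt/controller/keys/pwtool.keys
client_auth_token=PLACEHOLDER_A
worker_auth_token=PLACEHOLDER_A
smtp_auth_pass=PLACEHOLDER_B
"""
```

Call audit() with the text of config.properties and review each returned finding. Identical stored values are a sure sign of reuse, but differing values do not prove the underlying secrets differ, because the page does not say whether pwtool output is deterministic.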

See also

Configuring the Controller