Page tree
Skip to end of metadata
Go to start of metadata

Summary: this page describes how to use the aip-encryption-tool to encrypt credentials stored in properties files.

This information is valid for ≥ 1.11.x releases of Console.


When installing and configuring Console, sometimes credentials need to be stored in .properties files for various reasons, for example:

Credentials that are input into the installation wizard are stored in the relevant .properties files in encrypted format to avoid security issues, for example the following shows the credentials for the CAST Storage Service/PostgreSQL server encrypted on the line database.server.password in the file:

# =============================
# CSS Server parameters
# -----------------------------
# to encrypt the password use aip-encryption-tool

If you need to update these credentials, or you need to configure new credentials, then CAST highly recommends that you generate a new encryption key using the aip-encryption-tool provided with Console instead of using credentials entered in plain text in the properties file. This page explains how to use the tool.

Where can I obtain the aip-encryption-tool tool?

Console ≥ 1.12.x

The aip-encryption-tool is provided in the following locations post-installation:

<install_location>\AipConsole\admin (note that this tool is not available in 2.x Console installations, it is instead available on each Node).

aip-encryption-tool.batUse this to run the tool on Windows.
aip-encryption-tool.exeaip-encryption-tool (do not run this executable).
aip-encryption-tool.shUse this to run the tool on Linux.

Console ≤ 1.11.x

The aip-encryption-tool is provided as part of the main Console package as a ZIP file:

Unzip the ZIP to locate the tool:

.bat fileUse this to run the tool on Windows.
.jar fileaip-encryption-tool.
.sh fileUse this to run the tool on Linux.
.pdf fileExplanation PDF file.

Using the aip-encryption-tool

Console ≥ 1.12.x

Run the appropriate script file for your OS environment (.bat or .sh file). When the tool loads, enter the password to encrypt in the Password field (tick the Show password option if you need to ensure the password is correct):

Click Encrypt to encrypt the password and then Copy to transfer the encrypted password to memory.

Console ≤ 1.11.x

Run the appropriate script file for your OS environment. Below is an example running on Windows encrypting the user name "operator" and password "CastAIPCastAIP":

Note in a Windows environment, to copy the generated key, enable Quick Edit Mode in the CMD window. Right click the header bar and select Properties:

Click to enlarge

Enable the Quick Edit Mode in the Options tab:

Click to enlarge

Updating the key in the properties file

When you have a new encryption key, modify (using a text editor - Notepad or other similar application) the appropriate .properties file for the Node you need to update. Locate the existing key in the file and replace it with your new key. Finally restart the service to ensure the changes are taken into account.

  • No labels