Page tree
Skip to end of metadata
Go to start of metadata

This information is valid only for ≥ 1.11.x releases of AIP Console.

Summary: this page describes how to use the aip-encryption-tool to encrypt credentials stored in properties files.

Introduction

When installing and configuring AIP Console, sometimes credentials need to be stored in .properties files for various reasons, for example:

Credentials that are input into the installation wizard are stored in the relevant .properties files in encrypted format to avoid security issues, for example the following shows the credentials for the CAST Storage Service/PostgreSQL server encrypted on the line database.server.password in the aip-node-app.properties file:

# =============================
# CSS Server parameters
# -----------------------------
database.server.name=localhost:2282
database.server.user=operator
# to encrypt the password use aip-encryption-tool
database.server.password=CRYPTED2:90B1A6EC1618661401B724D
database.name=postgres

If you need to update these credentials, or you need to configure new credentials, then CAST highly recommends that you generate a new encryption key using the aip-encryption-tool provided with AIP Console instead of using credentials entered in plain text in the properties file. This page explains how to use the tool.

Where can I obtain the aip-encryption-tool tool?

AIP Console ≥ 1.12.x

The aip-encryption-tool is provided in the following locations post-installation:

<install_location>\AipConsole\admin
<install_location>\AipNode\admin

aip-encryption-tool.batUse this to run the tool on Windows.
aip-encryption-tool.exeaip-encryption-tool (do not run this executable).
aip-encryption-tool.shUse this to run the tool on Linux.

AIP Console ≤ 1.11.x

The aip-encryption-tool is provided as part of the main AIP Console package as a ZIP file:

Unzip the ZIP to locate the tool:

.bat fileUse this to run the tool on Windows.
.jar fileaip-encryption-tool.
.sh fileUse this to run the tool on Linux.
.pdf fileExplanation PDF file.

Using the aip-encryption-tool

AIP Console ≥ 1.12.x

Run the appropriate script file for your OS environment (.bat or .sh file). When the tool loads, enter the password to encrypt in the Password field (tick the Show password option if you need to ensure the password is correct):

Click Encrypt to encrypt the password and then Copy to transfer the encrypted password to memory.

AIP Console ≤ 1.11.x

Run the appropriate script file for your OS environment. Below is an example running on Windows encrypting the user name "operator" and password "CastAIPCastAIP":


Note in a Windows environment, to copy the generated key, enable Quick Edit Mode in the CMD window. Right click the header bar and select Properties:

Click to enlarge

Enable the Quick Edit Mode in the Options tab:

Click to enlarge

Updating the key in the properties file

When you have a new encryption key, modify (using a text editor - Notepad or other similar application) the appropriate .properties file for the AIP Node you need to update. Locate the existing key in the file and replace it with your new key. Finally restart the service to ensure the changes are taken into account:

  • If the service is installed as a Windows Service, restart the service
  • If the service is running only using the batch files, close the CMD window to stop the service, then restart it using the following file:
<AIP_console_installation>\AipNode\tools\runAipNode.bat
<AIP_console_installation>\AipConsole\tools\runAIPConsole.bat
  • No labels