wadm will use username and password of the administrator to authenticate to Administration Server. A valid username and password file must be passed as arguments to each command running in single mode. Shell mode accepts username and password file when wadm executable is invoked. Commands invoked in the shell mode do not require the connection options (for example, user, password-file, host, port and ssl). If specified, they will be ignored.
Some commands supported by the CLI require password inputs. For example, bindpw, user-password and token-pin. User can specify these passwords in the same file that contains the administration user password. If the password-file is not specified with the command, then user will be prompted for the password.
The wadm communicates with the Administration Server through SSL, if SSL is enabled on Administration Server. The Certificate passed by the Administration Server will be verified against the truststore (~/.wadmtruststore). If the certificate exists and is valid, the command proceeds normally. Otherwise, wadm displays the certificate and gives the user the choice of accepting it. If the user accepts it, the certificate will be added to the truststore and the command proceeds normally.
truststore need not be password protected since it does not contain any sensitive data.