Uses Advanced Encryption Standard (AES/CBC/PKCS5Padding(128)) to encrypt Oracle Enterprise Performance Management Cloud password (or the OAuth2.0 refresh token and client ID for accessing OCI (Gen 2) environments), and optionally, the internet proxy server password used for signing in to Oracle Fusion Cloud EPM environments, and stores it in a password file.

Encrypting the secrets allows Service Administrators to share their encrypted password file with developers who write EPM Automate scripts so that they can execute the scripts. This precludes the need to share the Service Administrator password or create a generic, shared EPM Cloud account specifically for running scripts.

Encrypting password is a one-time process.


See Handling Special Characters for information on encrypting passwords that contain special characters.

Applies to

Planning, Planning Modules, FreeForm, Financial Consolidation and Close, Tax Reporting, Account Reconciliation, Profitability and Cost Management, Enterprise Profitability and Cost Management, Oracle Enterprise Data Management Cloud, Narrative Reporting, Sales Planning, and Strategic Workforce Planning.

Required Roles

Service Administrator, Power User, User, Viewer


epmautomate encrypt PASSWORD|REFRESH_TOKEN KEY PASSWORD_FILE [ClientID=CLIENT_ID] [ProxyServerPassword=PROXY_PASSWORD] where:
  • PASSWORD|REFRESH_TOKEN PASSWORD is the password or the OAuth refresh token that you want to encrypt. You cannot use corporate credentials with EPM Automate.
  • KEY is the private key that is to be used to encrypt the password.
  • PASSWORD_FILE is the name and location of the file that stores the encrypted password or refresh token. The password file must use the .epw extension.
  • ClientID, optionally, is the client identifier that is created during OAuth 2.0 setup. This value must be specified while encrypting an OAuth 2.0 refresh token. Do not specify this value while encrypting a password.
  • ProxyServerPassword is the password to authenticate the user with the HTTP proxy server. Required only if authentication at proxy server is enabled for your network.


  • Encrypt only EPM Cloud password: epmautomate encrypt P@ssword1 myKey C:\mySecuredir\password.epw
  • Encrypt EPM Cloud and internet proxy server passwords: epmautomate encrypt E@xample1 myKey C:\mySecuredir\password.epw ProxyServerPassword=Proxy_Pwd1
  • Encrypt refresh token and Client Id: epmautomate encrypt AAyyilYBAWD4....FVkxefd8kjoJr6HJPA= myEncyprtion42Key C:\mySecuredir\oauthfile1.epw ClientID=6fdf2e72fd343430ABR22394C