This chapter provides information about how you can encrypt passwords.
Password encryption is enabled by default in Oracle Enterprise Repository; however, you can disable it by setting the JVM startup parameter cmee.passwordencryption=false.
You can encrypt passwords using two different methods: one uses the Oracle Enterprise Repository Diagnostics page and the other uses the password encryption tool. To generate encrypted passwords, perform the following steps:
Access the Oracle Enterprise Repository Diagnostics page.
Navigate to http://host_name:port/application_name/diag/index.jsp (replace host_name with the appropriate location).
Note:
In the Oracle Enterprise Repository 12c release, the Oracle Enterprise Repository Diagnostics page is disabled by default. To see if the diagnostics page is currently disabled, navigate to http://host_name:port/application_name/diag/index.jsp (replace host_name with the appropriate location). If the diagnostics page is disabled, the following message is displayed:
Diag pages are currently disabled. Please contact your Oracle Enterprise Repository.
See Section 1.9, "Accessing Oracle Enterprise Repository Diagnostics Page" for information about enabling the diagnostics page.
Scroll down to the Tools section and click the Encrypt Strings for passwords link to launch the Password encryption page.
Enter the clear text password into the String to Encrypt text box.
Click the Submit Query button.
Copy the resulting encrypted password string and paste it into the appropriate context or properties file(s).
The password encryption tool can be found at <FMW_HOME>/oer/modules/tools/solutions/12.1.3.0.0-OER-PasswordTools.zip. The 12.1.3.0.0-OER-PasswordTools.zip file has two scripts (for Windows and Unix):
encrypt.bat/encrypt.sh - encrypt an xml config file's password elements
encryptpassword.bat/encryptpassword.sh - encrypt a single password from the command line
The suggested uses of encrypted passwords are as follows:
In the database.properties file
The connection password for the database.
The Ant task property file or build script
The password the Oracle Enterprise Repository user will use at login.
In the Harvester HarvesterSettings.xml configuration file
The password stored in the HarvesterSettings.xml file.
In the Oracle Registry Repository Exchange Utility configuration (orrxu.xml) file
The password stored in the orrxu.xml file.
In the Oracle Enterprise Repository Workflow configuration (workflow.xml) file
The password stored in the workflow.xml file.
In the Export to API Catalog configuration file
The passwords stored in the oac.xml file.
Other passwords in the system are encrypted automatically. This operation is invisible to the user. A number of fields stored in the properties files are encrypted by default, including:
ldap.bindPassword
enterprise.guest.password
This encryption occurs when the properties are edited and saved. Automatic encryption of passwords during an upgrade is unavailable at this time.
Passwords stored with the artifact stores are stored in the database in an encrypted format.
To ensure security, the passwords in the configuration files must be encrypted. You need to encrypt the configuration file passwords for the following:
To ensure security, the passwords in the Harvester configuration must be encrypted. The password encryption tool (encrypt.bat/encrypt.sh), which is found at oer/modules/tools/solutions/12.1.3.0.0-OER-PasswordTools.zip, allows you to encrypt the passwords that are stored in the Harvester configuration (HarvesterSettings.xml) file.
Navigate to the <Harvester Home> directory.
From a command prompt, run the password encryption tool as follows:
> encrypt.bat HarvesterSettings.xml HarvesterSettings.xml
where
HarvesterSettings.xml = the Harvester configuration file.
For enhanced security, the password encryption tool (encrypt.bat/encrypt.sh), which is packaged with the Exchange Utility kit and resides in the installation directory, allows you to encrypt the passwords that are stored in the Oracle Registry Repository Exchange Utility configuration (orrxu.xml) file.
Navigate to the <ExchangeUtility Tool Home> directory.
From a command prompt, as shown in Figure 12-1, run the password encryption tool as follows:
> encrypt.bat orrxu.xml orrxu.xml
where:
orrxu.xml = the Oracle Registry Repository Exchange Utility configuration file
Figure 12-2 describes a sample image of how the password field appears before the encryption.
Figure 12-2 Example Image of Password Before Encryption
Figure 12-3 describes a sample image of how the password field appears after you run the password encryption tool.
Figure 12-3 Example Image of Password After Encryption
For enhanced security, the password encryption tool (encrypt.bat/encrypt.sh), which resides in the 12.1.3.0.0-OER-PasswordTools.zip file, allows you to encrypt the passwords that are stored in the Workflow configuration (workflow.xml) file.
Navigate to the ORACLE_HOME/oer/modules/tools/solutions directory.
Extract the 12.1.3.0.0-OER-PasswordTools.zip file to a directory and open a command prompt at this directory location.
From the command prompt, run the password encryption tool as follows:
> encrypt.bat workflow.xml workflow.xml
where
workflow.xml = the Workflow configuration file
To ensure security, the passwords in the Export to API Catalog configuration file (oac.xml) must be encrypted. The password encryption tool (encrypt.bat/encrypt.sh), which is found at oer/modules/tools/solutions/12.1.3.0.0-OER-PasswordTools.zip, allows you to encrypt the passwords that are stored in the Export to API Catalog configuration file (oac.xml).
Navigate to the ORACLE_HOME/oer/modules/tools/solutions directory.
Extract the 12.1.3.0.0-OER-PasswordTools.zip file to a directory and open a command prompt at this directory location.
From a command prompt, run the password encryption tool as follows:
> encrypt.bat <Middleware_Home>/user_projects/domains/<oer_domain>/config_oer/oac.xml <Middleware_Home>/user_projects/domains/<oer_domain>/config_oer/oac.xml
where
oac.xml = the Export to API Catalog configuration file
<Middleware_Home> = the Middleware Home directory into which OER is installed
<oer_domain> = the OER domain home directory.
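The four procedures above all pass the same file to the tool as input and output, so the configuration file is overwritten in place. The shell wrapper below is an added example, not part of the Oracle tooling: it runs the tool on a private copy and replaces the real file only when the tool succeeded and actually changed something. It assumes encrypt.sh takes the same two arguments shown above for encrypt.bat; the function name encrypt_config and its exit codes are hypothetical.

```sh
#!/bin/sh
# Added example, not Oracle code. Assumption: encrypt.sh accepts the same
# two arguments (input file, output file) the page shows for encrypt.bat.

# encrypt_config TOOL FILE  (hypothetical helper)
# exit 0 = FILE replaced with the tool's output
#      1 = tool failed or produced an empty file; FILE left untouched
#      2 = FILE missing or could not be copied/written
#      3 = tool made no change (nothing to encrypt, or already encrypted)
encrypt_config() (
    tool=$1
    cfg=$2
    [ -f "$cfg" ] || { echo "missing: $cfg" >&2; exit 2; }

    umask 077                       # work dir and copy readable by owner only
    work=$(mktemp -d) || exit 2
    rc=0
    if ! cp "$cfg" "$work/copy"; then
        rc=2
    # Same file as input and output, as in the documented invocation.
    elif ! "$tool" "$work/copy" "$work/copy" || [ ! -s "$work/copy" ]; then
        echo "encryption failed, $cfg left unchanged" >&2
        rc=1
    elif cmp -s "$cfg" "$work/copy"; then
        echo "no change made to $cfg" >&2
        rc=3
    else
        # Overwrite contents only, so owner and mode of FILE are preserved.
        cat "$work/copy" > "$cfg" || rc=2
    fi
    rm -rf "$work"                  # the copy may still hold cleartext
    exit "$rc"
)

# Usage: sh this_script.sh ./encrypt.sh HarvesterSettings.xml
if [ "$#" -eq 2 ]; then
    encrypt_config "$1" "$2"
fi
```

Exit code 3 is worth checking in automation: it means the file that was supposed to be protected came back byte-for-byte identical.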