Skip to main content
Version: 2.8

Encrypting system passwords

All passwords in your configuration files must be encrypted. You will need to prepare the list of passwords that need to be encrypted. You will need to repeat the procedure described on this page for all server nodes that you have in your deployment type.

You can use the encrypt.sh script which is provided in your deployment package for that purpose.

Note

An unencrypted password will not work, resulting in tribefire-services crash after installation.

Preparing files with encrypted system passwords

  1. Create a text file somewhere on the file system of the Conversion Server installation server.

  2. Put the following records in this file:

    PasswordDescriptionSection: Property in the config fileUnencrypted valueEncrypted value
    Conversion Service admin user passwordCreate a value for accessing Conversion Service by the admin userAdmin user: password
    Conversion Service system database user passwordEnter an existing value of the system databaseSystem database: password
    Conversion Service conversion database user passwordEnter an existing value of the conversion databaseConversion database: password
    Conversion Service SSL keystore passwordEnter a password value generated by the SSL keystore scriptHTTPS/SSL: sslKeystorePassword
  3. Create a text file somewhere on the file system of the D1 installation server.

  4. Put the following records in this file:

    PasswordDescriptionSection: Property in the config fileUnencrypted valueEncrypted value
    D1 admin userCreate a value for accessing D1Admin user: password
    D1 system database passwordEnter the password of the D1 system databaseSystem database: password
    D1 SSL keystore passwordEnter a password value generated by the SSL keystore script.HTTPS/SSL: sslKeystorePassword
  5. Find out the passwords for the parameters added to the text files, and add them to the files.

  6. Encrypt all passwords as it is described in To encrypt a system password.

  7. Update the text files with encrypted values.

Now, you can proceed with the installation of Conversion Service and D1.

Important!

When you have installed D1 and Conversion Service, delete the text files from the file system or store them somewhere securely.

To encrypt a system password

  1. Open the installation directory of your server (D1 or Conversion Service).

  2. In the command line run the following command:

    ./encrypt.sh --value 'example-password'

    For example, run: ./encrypt.sh --value 's3cur3p455w0rd'. The encrypted password is then displayed as follows:

    $ ./encrypt.sh --value 's3cur3p455w0rd'
    cNRVe5T5gOB0o3NXxjCdRkiMGbNKWpAsbGFWFVKCVjZ0Jh1yUwyaZxPJ1WjFYbXABc6qiw==
    DONE
    Note

    You can reference the environment variable script while encrypting your password by adding --environment /path/to/environment.sh to the command.

  3. Copy the encrypted password value to the clipboard and paste it into a text file.

  4. Then wrap the encrypted value in "${decrypt(' encrypted_password ')}" .

    Our example string will look as follows:

    "${decrypt('cNRVe5T5gOB0o3NXxjCdRkiMGbNKWpAsbGFWFVKCVjZ0Jh1yUwyaZxPJ1WjFYbXABc6qiw==')}"
Where to go from here

After you have prepared files with encrypted system passwords, we recommend that you review the Typical installation example. If you skip this step, proceed with Conversion Service server installation. See Installing Conversion Service.