Encrypting system passwords

All passwords in your configuration files must be encrypted. You will need to prepare the list of passwords that need to be encrypted. You will need to repeat the procedure described on this page for all server nodes that you have in your deployment type.

You can use the encrypt.sh script which is provided in your deployment package for that purpose.

Note

An unencrypted password will not work, resulting in tribefire-services crash after installation.

Preparing files with encrypted system passwords

1. Create a text file somewhere on the file system of the Conversion Server installation server.

2. Put the following records in this file:

   Password	Description	Section: Property in the config file	Unencrypted value	Encrypted value
   Conversion Service admin user password	Create a value for accessing Conversion Service by the admin user	Admin user: password
   Conversion Service system database user password	Enter an existing value of the system database	System database: password
   Conversion Service conversion database user password	Enter an existing value of the conversion database	Conversion database: password
   Conversion Service SSL keystore password	Enter a password value generated by the SSL keystore script	HTTPS/SSL: sslKeystorePassword

3. Create a text file somewhere on the file system of the D1 installation server.

4. Put the following records in this file:

   Password	Description	Section: Property in the config file	Unencrypted value	Encrypted value
   D1 admin user	Create a value for accessing D1	Admin user: password
   D1 system database password	Enter the password of the D1 system database	System database: password
   D1 SSL keystore password	Enter a password value generated by the SSL keystore script.	HTTPS/SSL: sslKeystorePassword

5. Find out the passwords for the parameters added to the text files, and add them to the files.

6. Encrypt all passwords as it is described in To encrypt a system password.

7. Update the text files with encrypted values.

Now, you can proceed with the installation of Conversion Service and D1.

Important!

When you have installed D1 and Conversion Service, delete the text files from the file system or store them somewhere securely.

To encrypt a system password

1. Open the installation directory of your server (D1 or Conversion Service).

   

2. In the command line run the following command:

   ./encrypt.sh --value 'example-password'

   For example, run: ./encrypt.sh --value 's3cur3p455w0rd'. The encrypted password is then displayed as follows:

   $ ./encrypt.sh --value 's3cur3p455w0rd'
   cNRVe5T5gOB0o3NXxjCdRkiMGbNKWpAsbGFWFVKCVjZ0Jh1yUwyaZxPJ1WjFYbXABc6qiw==
   DONE
   Note

   You can reference the environment variable script while encrypting your password by adding --environment /path/to/environment.sh to the command.

3. Copy the encrypted password value to the clipboard and paste it into a text file.

4. Then wrap the encrypted value in "${decrypt(' encrypted_password ')}" .

   Our example string will look as follows:

   "${decrypt('cNRVe5T5gOB0o3NXxjCdRkiMGbNKWpAsbGFWFVKCVjZ0Jh1yUwyaZxPJ1WjFYbXABc6qiw==')}"

Where to go from here

After you have prepared files with encrypted system passwords, we recommend that you review the Typical installation example. If you skip this step, proceed with Conversion Service server installation. See Installing Conversion Service.