Skip to main content
Version: Deploy 22.2

Store encrypted passwords in Deploy

This topic describes how Digital.ai Deploy provides a mechanism to automatically encrypt passwords, allowing you to reference them without storing third-party passwords in plain text in configuration files.

To declare a new third-party password:

  1. Add the password to the XL_DEPLOY_SERVER_HOME/conf/deployit.conf file:

third.party.password=value

Note: The key must end with .password extension.

  1. Restart Deploy. The password will automatically be encrypted in the deployit.conf file.

For version 8.5.0 and later, the format is:

third.party.password={aes\:v0}vEWwVYoSXqKXW+1Zro5u4KwFiMfsQJ0TJBeTsmtXgv8\=

For versions pre 8.5.0, the format is:

third.party.password={b64}nbbZ2zHXozfxiz1+ooe8hg\=\=

  1. Use the password in Spring configuration files.

For example, if you declare ldap.xldeploy.password in the deployit.conf file, then you can use it in the XL_DEPLOY_SERVER_HOME/conf/deployit-security.xml file:

  <bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
      <property name="password" value="${ldap.xldeploy.password}"/>
      ...
  </bean>

Important: If you are using Deploy version 7.5.x and earlier and you want to store encrypted passwords and use them under the jackrabbit configuration file (jackrabbit-repository.xml):

  1. Add the password to the XL_DEPLOY_SERVER_HOME/conf/deployit.conf file:

xl.repository.password=value

Note: The key must start with xl.repository..

  1. Use the password in the jackrabbit file:

Note: Remove `xl.repository. from the key string.