Store encrypted passwords in Deploy
This topic describes how Digital.ai Deploy provides a mechanism to automatically encrypt passwords, allowing you to reference them without storing third-party passwords in plain text in configuration files.
To declare a new third-party password:
- Add the password to the
XL_DEPLOY_SERVER_HOME/conf/deployit.conf
file:
third.party.password=value
The key must end with .password
extension.
- Restart Deploy. The password will automatically be encrypted in the deployit.conf file.
For version 8.5.0 and later, the format is:
third.party.password={aes\:v0}vEWwVYoSXqKXW+1Zro5u4KwFiMfsQJ0TJBeTsmtXgv8\=
For versions pre 8.5.0, the format is:
third.party.password={b64}nbbZ2zHXozfxiz1+ooe8hg\=\=
- Use the password in Spring configuration files.
For example, if you declare ldap.xldeploy.password
in the deployit.conf
file, then you can use it in the XL_DEPLOY_SERVER_HOME/conf/deployit-security.xml
file:
<bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<property name="password" value="${ldap.xldeploy.password}"/>
...
</bean>
If you are using Deploy version 7.5.x and earlier and you want to store encrypted passwords and use them under the jackrabbit configuration file (jackrabbit-repository.xml):
- Add the password to the
XL_DEPLOY_SERVER_HOME/conf/deployit.conf
file:
xl.repository.password=value
The key must start with xl.repository..
- Use the password in the jackrabbit file:
Remove `xl.repository. from the key string.