Skip to main content
Version: Release 22.2

Managing Encrypted Passwords in Release

Release provides a mechanism to automatically encrypt passwords and enables you to refer to them, so you do not need to store third-party passwords in plain text in configuration files.

To declare a new third-party password:

To automatically encrypt passwords:

  1. Add the password to the XL_RELEASE_SERVER_HOME/conf/xl-release-server.conf file:
    third.party.password=value
note

The key must end with .password.

  1. Restart Release. The password will automatically be encrypted in the xl-release-server.conf file.

    third.party.password={aes\:v0}vEWwVYoSXqKXW+1Zro5u4KwFiMfsQJ0TJBeTsmtXgv8\=
  2. Use the password in Spring configuration files. For example, if you declare ldap.xlrelease.password in the xl-release-server.conf file, then you can use it in the XL_RELEASE_SERVER_HOME/conf/xl-release-security.xml file:

    <bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <property name="password" value="${ldap.xlrelease.password}"/>
    ...
    </bean>

Using the password in an Integration plugin

This example shows you how to use the password in your plugin.

To begin, you need to add two classes to the plugin:

com.xebialabs.xlrelease.config.XlrConfig
com.xebialabs.deployit.util.PasswordEncrypter

The XlrConfig class allows you to access the password value stored in the xl-release-server.conf file. Whereas, the PasswordEncrypter class enables you retrieve the password in plain text.

To use the passwords in your plugin script:

  1. Add the password to the release-server.conf file :
acme.password=somepassword
  1. When you restart the server, the password will be stored as an encrypted string. For example:
acme.password={aes\:v0}vEWwVYoSXqKXW+1Zro5u4KwFiMfsQJ0TJBeTsmtXgv8\=
  1. To retrieve the encrypted password value:
myTemp = XlrConfig.getInstance().getConfig(“acme.password”);
  1. To retrieve the plain text password value:
myClearPassword = PasswordEncrypter.getInstance().decrypt(myTemp);