Administer > System security > Encryption of configuration file settings

Encryption of configuration file settings

You can encrypt values within the HPE Service Manager configuration file (sm.ini) to protect passwords and authentication information. The encryption scheme is ideal for connection parameters such as RDBMS or LDAP user names and passwords. Using a command line utility you can convert any value to an AES256-256-CBC encrypted value. You can then copy the encrypted value into the configuration file and add an asterisk to the beginning of the parameter name. The asterisk is a required element that indicates to the server that the parameter value is encrypted.

For example, the unencrypted value:

sqllogin:rdbmsuser/mypassword

Becomes the following value when encrypted:

*sqllogin:D51CB23B379C873CBA055FB9A3798375AC93D48BB8AE2CC773D7317E4715EAE7

After you have encrypted a configuration file value there is no way to convert it back to clear text. The Service Manager server decrypts the value for administrative purposes, but it does not save or store the decrypted value.

Note Only use the encryption scheme to encrypt server parameters in the Service Manager configuration file (sm.ini). Do not encrypt other values in other files as this may damage your system or cause data loss.

In addition, the values of the following security parameters in the sm.ini file are encrypted automatically during the server startup. You do not need to encrypt them manually.

  • changeencrkey
  • upgradeencralg
  • encryptionkey
  • sqllogin
  • ldapbindpass
  • smtppassword
  • keystorePass
  • truststorePass
  • ssl_trustedClientsPwd
  • idmsigningkey