How to Encrypt the Database Password for Configuration Manager

The CM database password is stored in the <Configuration_Manager_installation_directory>\conf\database.properties file. You can encrypt this password; the default encryption algorithm complies with the FIPS 140-2 standard.

The password is encrypted with a key. That key is itself encrypted with another key, known as the master key. Both keys are encrypted using the same algorithm. For details on the parameters used in the encryption process, see Parameters for Configuration Manager Database Password Encryption.

Caution: If you change the encryption algorithm, all previously encrypted passwords are no longer usable.

To change the encryption of your database password:

  1. Open the <Configuration_Manager_installation_directory>\conf\database.properties file and edit the following fields:

    • engineName. Enter the name of the encryption algorithm.

    • keySize. Enter the size of the master key for the selected algorithm.

  2. Run the generate-keys.bat script, which creates the <Configuration_Manager_installation_directory>\security\encrypt_repository file and generates the encryption key.

  3. Run the bin\encrypt-password.bat utility to encrypt the password. Set the -h flag to see the available options.

  4. Copy the output of the password encryption utility and paste the encrypted value into the conf\database.properties file.
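
The following check is an added example, not part of the product or its documentation. It compares the engineName and keySize values in database.properties against a baseline you recorded earlier and confirms that the key repository from step 2 exists. The baseline dictionary, the function names and the sample values (AES, 256, 128) are assumptions made for illustration.

```python
from pathlib import Path

WATCHED = ("engineName", "keySize")  # the two fields the procedure edits

def parse_properties(text):
    """Minimal .properties reader: key=value or key:value, # and ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on whichever separator appears first on the line.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        if idx != -1:
            props[line[:idx].strip()] = line[idx + 1:].strip()
    return props

def audit(props_text, baseline, repo_exists):
    """Return a list of findings; an empty list means nothing to act on."""
    current = parse_properties(props_text)
    findings = []
    for key in WATCHED:
        if key not in current:
            findings.append(f"{key} is not set")
        elif current[key] != baseline.get(key):
            msg = f"{key} changed from {baseline.get(key)!r} to {current[key]!r}"
            if key == "engineName":
                # Per the caution above: an algorithm change invalidates old values.
                msg += "; previously encrypted passwords are no longer usable"
            findings.append(msg)
    if not repo_exists:
        findings.append("security/encrypt_repository missing; run generate-keys.bat")
    return findings

def audit_install(install_dir, baseline):
    """Run the audit against an installation directory on disk."""
    root = Path(install_dir)
    # latin-1 is the classic .properties encoding and never fails to decode.
    text = (root / "conf" / "database.properties").read_text(encoding="latin-1")
    return audit(text, baseline, (root / "security" / "encrypt_repository").is_file())

# Constructed sample values, not taken from the product documentation.
SAMPLE_BASELINE = {"engineName": "AES", "keySize": "256"}
SAMPLE_PROPS = "# constructed sample\nengineName = AES\nkeySize=128\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPS, SAMPLE_BASELINE, repo_exists=True):
        print(finding)
```

Record the baseline before step 1 and run the check after step 4, so that any change to the algorithm is caught before the old encrypted password is relied on.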