You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Property Encryption (Blueriq 12.10 and newer)

For the new property encryption mechanism, a password is required. This password serves as the secret key that is used for encryption. We recommend that you use a strong password.

The password can be passed to the Runtime, Customer Data Service and DCM Lists Service as a property:

application.properties
blueriq.properties.encryption.password: 190f704dcab801253434864b03d498be04e7cb7407063eb5df41101e313ea32f

Alternatively, this property can be passed to the JVM as a command line parameter:

-Dblueriq.properties.encryption.password=190f704dcab801253434864b03d498be04e7cb7407063eb5df41101e313ea32f


Please note the following:

  • The application decrypts properties at startup. If decryption fails, the application will not start. Usual causes are that no password is configured or that the encryption password was not the password that the property was encrypted with.
  • Contrary to the old mechanism, any property can be encrypted.

Encrypting passwords with the Blueriq Encryptor

The BlueriqEncryptor is located in the Runtime\Java\Webapp\Tools folder in the release zip. This is a Java console application that can be used to create encrypted passwords to be used for password properties in the Runtime.

Start the application as a java executable jar:

> java -jar BlueriqEncryptor.jar --password <your_encryption_password>
Enter the value to be encrypted:

The application will ask for a value to be encrypted. Enter a value and press enter to get the encrypted value, for example 'welcome'.

Enter the value to be encrypted: welcome
Encrypted value for welcome = ENC(TusxwbXq0jYIAFPvH5ljXZu70V1bt6i4Uwi4DxAU5UnE8tpsxMPM2z0QK/ENy50Y)
Enter the value to be encrypted:

In this case the encrypted value is "ENC(TusxwbXq0jYIAFPvH5ljXZu70V1bt6i4Uwi4DxAU5UnE8tpsxMPM2z0QK/ENy50Y)". This value may be used in in property files where a password is expected.

Afterwards it is possible to enter a new value to be encrypted. Exit the application with Ctrl-C or leave the input blank.

Legacy property encryption

Since Blueriq 12.10, a new property encryption mechanism has been introduced, which is the default since then. The old mechanism still works for now, but its use is deprecated. It is scheduled for removal in Blueriq 13. Of you still want to encrypt passwords with the old mechanism, add the --legacy  flag to the PropertiesEncryptor:

> java -jar BlueriqEncryptor.jar --legacy
Enter the value to be encrypted:

Legacy encrypted properties can be recognized from the _-_encryptedValue_-_ prefix.


Customizing property encryption (Blueriq 12.10+)

The property encryption mechanism uses sensible defaults. If you want to customize the way your properties are encrypted/decrypted, you can add an org.jasypt.encryption.pbe.PBEStringEncryptor bean to your project. You can reference this bean by setting this property:

application.properties
jasypt.encryptor.bean = <name_of_the_custom_bean>

Note you have to provide your own encryptor application. Blueriq Encryptor (see below) only works for non-customized encryption.

  • No labels

Didn't find the answer you were looking for? Try the advanced search