You are viewing the documentation for Blueriq 15.

Property Encryption (Blueriq 12.10 and newer)

For the new property encryption mechanism, a password is required. This password serves as the secret key that is used for encryption. We recommend that you use a strong password.

The password can be passed to the Runtime, Customer Data Service and DCM Lists Service as a property:

application.properties
blueriq.properties.encryption.password = 190f704dcab801253434864b03d498be04e7cb7407063eb5df41101e313ea32f

Alternatively, this property can be passed to the JVM as a command line parameter:

-Dblueriq.properties.encryption.password=190f704dcab801253434864b03d498be04e7cb7407063eb5df41101e313ea32f


Please note the following:

  • The application decrypts properties at startup. If decryption fails, the application will not start. The usual causes are that no password is configured, or that the configured encryption password is not the password that the property was encrypted with.
  • Contrary to the old mechanism, any property can be encrypted.

Encrypting passwords with the Blueriq Encryptor

The BlueriqEncryptor is located in the Runtime\Java\Webapp\Tools folder in the release zip. This is a Java console application that can be used to create encrypted passwords to be used for password properties in the Runtime.

Start the application as an executable Java JAR:

> java -jar BlueriqEncryptor.jar --password <your_encryption_password>
Enter the value to be encrypted: 

The application will ask for a value to be encrypted. Enter a value, for example 'welcome', and press Enter to get the encrypted value.

Enter the value to be encrypted: welcome
Encrypted value for welcome = ENC(TusxwbXq0jYIAFPvH5ljXZu70V1bt6i4Uwi4DxAU5UnE8tpsxMPM2z0QK/ENy50Y)
Enter the value to be encrypted:

In this case the encrypted value is ENC(TusxwbXq0jYIAFPvH5ljXZu70V1bt6i4Uwi4DxAU5UnE8tpsxMPM2z0QK/ENy50Y). This value, including the ENC(...) wrapper, may be used in property/yml files.

Afterwards it is possible to enter a new value to be encrypted. Exit the application with Ctrl-C or leave the input blank.

Encryption algorithm

The encryption uses the following parameters:

  • Password Based Encryption with SHA-512 hashes and AES-256 encryption
  • Random salt when encrypting the property
  • A random initialization vector (IV) when encrypting the property
  • 1000 hashing iterations
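
A pre-deployment check for property files that use the default (non-customized) mechanism, added here as an example and not part of the Blueriq documentation or tooling. It flags secret-looking properties left in plaintext, ENC(...) values that are structurally damaged and would therefore fail decryption at startup, and the encryption password stored in the file itself. The payload layout, the property-name pattern and the sample file are assumptions; only the first ENC(...) value is taken from this page.

```python
import base64
import re

# Assumed layout (not stated on the page): 16-byte salt, 16-byte IV, AES blocks.
SALT_LEN = IV_LEN = BLOCK = 16
ENC_RE = re.compile(r"^ENC\((.*)\)$")
SECRET_NAME_RE = re.compile(r"password|secret|token", re.I)
KEY_PROPERTY = "blueriq.properties.encryption.password"

# Constructed sample file; only the first ENC(...) value is taken from the page.
SAMPLE = """\
db.password = ENC(TusxwbXq0jYIAFPvH5ljXZu70V1bt6i4Uwi4DxAU5UnE8tpsxMPM2z0QK/ENy50Y)
mail.password = example-plaintext
api.token = ENC(TusxwbXq0jYIAFPv)
blueriq.properties.encryption.password = example-only
"""


def check_enc_value(value):
    """Return None for a structurally valid ENC(...) value, else the reason."""
    match = ENC_RE.match(value)
    if not match:
        return "not wrapped in ENC(...)"
    try:
        raw = base64.b64decode(match.group(1), validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "payload is not valid Base64"
    body = len(raw) - SALT_LEN - IV_LEN
    if body < BLOCK or body % BLOCK:
        return f"payload is {len(raw)} bytes, expected 32 plus whole AES blocks"
    return None


def lint_properties(text):
    """Return (line_number, key, finding) for simple key = value lines."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or key.startswith(("#", "!")):
            continue
        if key == KEY_PROPERTY:
            findings.append((number, key, "encryption password is stored in the file"))
        elif value.startswith("ENC("):
            reason = check_enc_value(value)
            if reason:
                findings.append((number, key, reason))
        elif value and SECRET_NAME_RE.search(key):
            findings.append((number, key, "secret-looking property is not encrypted"))
    return findings
```

A structurally valid value can still fail to decrypt if it was produced with a different password; this check only catches truncation and copy-paste damage before startup.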

Customizing property encryption (Blueriq 12.10+)

The property encryption mechanism uses sensible defaults. If you want to customize the way your properties are encrypted/decrypted, you can add an org.jasypt.encryption.pbe.PBEStringEncryptor bean to your project. You can reference this bean by setting this property:

application.properties
jasypt.encryptor.bean = <name_of_the_custom_bean>

Note that you have to provide your own encryptor application when you customize the encryption. The Blueriq Encryptor only works for non-customized encryption.