Encrypted Configuration Database Password

You can encrypt the password used to access the Configuration Database so that it appears in the Configuration Server logs as an encrypted string of characters.

Important

This encryption does not use the SALT used when encrypting user passwords. See Password Encryption.

Security Benefits

Once encrypted, the password to the Configuration Database is written as an encrypted string of characters into Configuration Server logs. This feature ensures that anyone reading the log cannot obtain the password and use it to access the Configuration Database directly through the DBMS.

Supporting Components

This feature is configured on the Configuration Server accessing the Configuration Database.

Feature Description

All entries in configuration files and logs are readable in plain text, unless explicitly configured to be hidden in some way. You can encrypt your password for accessing the Configuration Database. After password encryption, Configuration Server decrypts the value when reading its configuration file at subsequent startups. It accesses the Configuration Database using the decrypted value, and prints an encrypted string of characters as the password value into the log. In this way, the password does not explicitly appear in the Configuration Server logs.

Feature Configuration

To encrypt the Configuration Database password, do the following:

1. Force Configuration Server to encrypt the password. [+] Show steps

Important

Starting in release 8.5.1, the Configuration Server configuration file optionally supports an asymmetric encryption algorithm using separate encryption and decryption (private) keys that are not hardcoded. In this case, the keys are generated by Configuration Server and stored in separate files. The password is encoded using the key in the encryption file. Upon subsequent restarts of Configuration Server, it uses the key in the decryption file to decrypt and the password. See Encrypting the Configuration Database Password

Prerequisites

Configuration Server is not running.
Configuration DB Server is not running.

Start of Procedure

Force Configuration Server to encrypt the password, by starting Configuration Server with the following command line:

confserv -p <section name> <password value>

where:

-p	The command-line parameter that forces an instance of Configuration Server to start, encrypt the database password in the configuration file, and terminate.
<section name>	The section name in the Configuration Server configuration file that describes the Configuration Database whose access password is being encrypted.
<password value>	The password used for accessing the specified Configuration Database.

Important

If the configuration file name differs from the default name (confserv.conf on UNIX or confserv.cfg on Windows), the command line should also contain the -c parameter followed by the file name. For a description of command-line parameters specific to Configuration Server, refer to the Framework Deployment Guide.
If a password to be encrypted contains one or more UNIX shell special characters, the password must be enclosed in single quotes in the command line. For example, if the password is $Montana, enter the following at the command line:

confserv -p gauth_ldap ‘$Montana’

When using Windows, if a password to be encrypted contains one or more special characters, the password must be enclosed in double quotes in the command line. For example, if the password is p&ssword, enter the following at the command line:

confserv -p dbserver "p&ssword"

Repeat this step for each Configuration Database section listed in the configuration file of Configuration Server.

2. Configure the encryption option in the Configuration Server configuration file. [+] Show steps

3. Restart Configuration Server as for a regular operation. Refer to the Framework Deployment Guide for detailed information about starting Configuration Server.

Encrypted Configuration Database Password

Contents

Security Benefits

Supporting Components

Feature Description

Feature Configuration

Prerequisites

Start of Procedure

Prerequisites

Start of Procedure

Contact

Genesys

Customer Care

Legal