Posted: 26 Apr 2017 10:10 EDT Last activity: 8 May 2017 10:19 EDT
Encryption of passwords used by prpcUtils (i.e. not in prconfig.xml and prbootstrap.properties)
We are trying to encrypt our JDBC passwords by creating a Keyring, as described in the Pega SAS course material (and various PDN pages).
While doing so we realized that prpcUtils.sh (Import and ExportRAP) as well as migrate.sh (needed for Pega-HA) are not using prconfig.xml and prbootstrap.properties.
Instead, they use prpcUtils.properties and migrateSystem.properties, respectively. Neither the -Dpegarules.keyring method (using our own cipher), or the encrypted passwords from com.pega.pegarules.pub.PassGen (using the builtin cipher) are working with these tools. Both methods just result in database authorization errors.
What is the correct way to encrypt the passwords used by these tools?
For prpcUtils in the properties file there is a way to provide your own prbootstrap and prconfig instead of having the tool generate them for you. Then you will need to make a modification to the prpcUtils.xml file to specify the keyring as a system property and comment a couple of things out that are not expecting a keyring file. I believe there is an open epic to make prpcUtils to be able to use a keyring file OOB.
What version of Pega are you looking to do this for? I will find an article that tells you about this.
As for the migrate script there is not a way to use passgen/keyring with that.
This article was written for 7.1.7 but should still be applicable in 7.2.1. The specific line numbers mentioned in the article may be different in the 7.2.1 version of prpcUtils.xml compared to the 7.1.7 version. If you have questions about what changes to make in 7.2.1 then open an SR and I'll give you specific instructions for 7.2.1.