Obfuscate keys and passwords
Using the PingIntelligence Dashboard command-line interface (CLI), you can obfuscate the keys and passwords configured in dashboard.properties
.
The following keys and passwords are obfuscated:
-
abs.access_key
-
abs.secret_key
-
es.password
The Dashboard ships with a default dashboard_master.key
, which is used to obfuscate the keys and passwords. It is recommended to generate your own dashboard_master.key
.
During the process of obfuscation of keys and password, the Dashboard must be stopped. For more information, see Start and stop Dashboard. |
The following diagram summarizes the obfuscation process:
Generate dashboard_master.key
You can generate the dashboard_master.key
by running the generate_obfkey
command in the Dashboard CLI:
/opt/pingidentity/dashboard/bin/cli.sh generate_obfkey -u admin -p Password> Please take a backup of config/dashboard_master.key before proceeding. Warning: Once you create a new obfuscation master key, you should obfuscate all config keys also using cli.sh obfuscate_keys Warning: Obfuscation master key file /opt/pingidentity/dashboard/config/dashboard_master.key already exist. This command will delete it create a new key in the same file Do you want to proceed [y/n]: y creating new obfuscation master key Success: created new obfuscation master key at /opt/pingidentity/dashboard/config/dashboard_master.key
Obfuscate key and passwords
You can enter the keys and passwords in clear text in the Dashboard.properties file. You can run the obfuscate_keys
command to obfuscate keys and passwords:
/opt/pingidentity/dashboard/bin/cli.sh obfuscate_keys -u admin -p Password> Please take a backup of config/dashboard.properties before proceeding Enter clear text keys and password before obfuscation. Following keys will be obfuscated config/dashboard.properties: abs.access_key, abs.secret_key and es.password Do you want to proceed [y/n]: y obfuscating /opt/pingidentity/dashboard/config/dashboard.properties Success: secret keys in /opt/pingidentity/dashboard/config/dashboard.properties obfuscated
You can start the Dashboard after passwords are obfuscated. For more information, see Start and stop Dashboard.
After the keys and passwords are obfuscated and the Dashboard has started, move the |