Skip to main content
Version: 25.6.0

Encrypting the Properties file

The following properties in waratek.properties can optionally be encrypted.

-- Portal Controller Key (com.waratek.ControllerKey) -- Elasticsearch Username (com.waratek.ElasticsearchUsername) -- Elasticsearch Password (com.waratek.ElasticsearchPassword) -- Trust store Password (com.waratek.trustStorePassword)

A encryptProperty.sh script is included in the Waratek Agent scripts directory. encryptProperty.sh should be run manually. It takes one mandatory argument which is the plaintext property to be encrypted, surrounded by quotes. The script outputs the encrypted value.

Example:

% ./scripts/encryptProperty.sh "password"
The property was successfully encrypted.
The full output below should be used as a new property value in the properties file.

ENC(m7rdoRv/V5iREJrA0mvyNWOcb9BXnjZ7)

That encrypted property can be used to manually update the waratek.properties file.

com.waratek.trustStorePassword=ENC(F52YU6KBIqA6V1EdEjk9NjKUNVBXkGSI)

The encryptProperty.sh script takes an optional second argument, which is the encryption algorithm to use. When a 2nd argument is not specified, the default encryption algorithm used is PBEWITHMD5ANDDES. The available algorithms to optionally specify are:

PBEWITHMD5ANDDES (default)
PBEWithMD5AndTripleDES
PBEWithSHA1AndDESede
PBEWithHMACSHA512AndAES_256 (JDK11+)

Example with non-default encryption algorithm:

$ ./scripts/encryptProperty.sh "password" PBEWithMD5AndTripleDES
The property was successfully encrypted.
The full output below should be used as a new property value in the properties file.

ENC_PBEWithMD5AndTripleDES(TEdp+TXGrnsTyXbphJ7r1q0L6dh+VbxS)

The following properties in the instance.waratek.properties file can also be encrypted. However, it should be noted that these two properties are encrypted by default so manual encryption is not required in these cases. On Waratek Agent v25.6.0+, these two properties will be encrypted using the stronger PBEWithMD5AndTripleDES algorithm in the majority of cases. If Unlimited Strength JCE is not installed in the application's JDK however (which is the case in some JDK vendors' early Java 6 and Java 7 JDKs), then the legacy PBEWITHMD5ANDDES algorithm will be used by the Waratek Agent for automatic encryption of NodeId and NodePassword.

  • Portal Node Id (com.waratek.NodeId)
  • Portal Node Password (com.waratek.NodePassword)