Command Central 10.11 | Using the Command Line Interface | Security Credentials Commands | sagcc exec security encrypt input
 
sagcc exec security encrypt input
The command encrypts user passwords for product configurations included in a properties file, using the environment or global shared secret configured in Command Central. The command encrypts the value of a property in the input file only when the property name is prefixed with @secure, for example @secure.password=value. You can use the encrypted values from the command output in place of clear text passwords when performing bulk operations with multiple passwords. For example, you can copy the command output into a template properties file.
Syntax
*Command Central syntax:
sagcc exec security encrypt {--input|-i} fileName.properties           
[sharedSecret=sharedSecret] [options]
*Not supported on Platform Manager
Arguments and Options
Argument or Option
Description
{--input|-i} fileName.properties
Required. Specifies the properties file with the product configurations that have user passwords to encrypt. For information about the format of the properties file, see "Format of the Properties File". For information about the {--input|-i} option, see input.
[sharedSecret=sharedSecret]
Optional. The shared secret configured for the Command Central environment. If you omit this parameter, the command uses the global shared secret, configured for Command Central. For more information about configuring a shared secret, see Configure Shared Secrets to Encrypt Instance and Component Passwords and sagcc add security credentials sharedsecret.
[options]
Optional. The command allows all options supported by the Command Line Interface. For a description of the options, see Common Options.
Usage Notes
*Software AG recommends that you set the encoding of the properties file to UTF-8.
*By default, the command writes the output with the encrypted password values to the console. To write the command output to a file, include the output option.
*When you create a new environment with templates, use the same shared secret in the new environment as the shared secret you specified when encrypting the passwords. For example, if you encrypted the passwords with the global shared secret, use the global shared secret for the target installation in the new environment. If you encrypted the passwords with a custom shared secret for the environment, use the same custom shared secret on the target installation.
Format of the Properties File
When you want to encrypt a property in the properties file, you must prefix the property name with `@secure` in the following format: @secure.propertyName=value. Note that the property cannot have a multi-line value. In the following example, if you prefix the password properties with @secure:
# the user name of the administrator user
username=Administrator

# the password of the administrator user
@secure.adminpassword=cleartext_password

# the user name of the database user
username=dbuser

# the password of the database user
@secure.dbpassword=cleartext_password
The command output will return the following:
# the user name of the administrator user
username=Administrator

# the password of the administrator user
adminpassword=encrypted_value

# the user name of the database user
username=dbuser

# the password of the database user
dbpassword=encrypted_value
Examples When Executing on Command Central
To encrypt all password values with the prefix @secure contained in the "prodconfig.properties" file, using the global shared secret configured for Command Central:
sagcc exec security encrypt -i prodconfig.properties
To encrypt all password values with prefix @secure contained in the "prodconfig.properties" file, using the global shared secret configured for Command Central and write the output to a file named "encryptedPasswords.properties":
sagcc exec security encrypt -i prodconfig.properties -o encryptedPasswords.properties