Encrypting Passwords in Templates
You can secure passwords that you use in templates by encrypting the password with the
sagcc exec security encrypt command and using the encrypted value in the template or properties file. Note that you must enclose the encrypted password value in quotes when you add it in a template YAML file.
If you have an existing product configuration with a password, in the Command Central web user interface, you can navigate to the required product configuration and click Export. The password value in the exported template snippet is encrypted. If you encrypt a password using this method, Software AG recommends to use the encrypted value only with the exported template snippet.
If you apply a template with encrypted passwords to provision installations with version:
10.5 and higher, the password is decrypted on the
Platform Manager side.
10.4 and lower, the password is decrypted on the
Command Central side.
Examples
To configure a database user with name "admin" and password "MyPassword" for the Integration Server instance with name "is-instance3", using the encrypted value of "MyPassword":
products:
integrationServer:
is-instance3:
db.username: admin
db.password: "{AES/CBC/PKCS5Padding}{GMfxghcHuJNqO396i8iES1fyQ/vkh50tULOPJ79tC8Q=}{IGD7aiMTQ3e1c8NZGTkPuA==}ikPlsNWacjGil3c4e/KL8Q=="
...
To configure a database administrator user with name "admin" and password "MyPassword" for an SQLServer database, using the encrypted value of "MyPassword":
environments:
default:
db.host: sqlserver.db.host
db.version: 10.4.0.0
db.type: sqlserver
db.port: 1433
db.admin.username: admin
db.admin.password: "{AES/CBC/PKCS5Padding}{GMfxghcHuJNqO396i8iES1fyQ/vkh50tULOPJ79tC8Q=}{IGD7aiMTQ3e1c8NZGTkPuA==}ikPlsNWacjGil3c4e/KL8Q=="
...