sagcc exec security encrypt input

Command Central 10.15 | Using the Command Line Interface | Security Credentials Commands | sagcc exec security encrypt input

The command encrypts user passwords for product configurations included in a properties file, using the global shared secret configured in Command Central. The command encrypts the value of a property in the input file only when the property name is prefixed with @secure, for example @secure.password=value. You can use the encrypted values from the command output in place of clear text passwords when performing bulk operations with multiple passwords. For example, you can copy the command output into a template properties file.

Syntax

Command Central syntax:

sagcc exec security encrypt {--input|-i} fileName.properties
[sharedSecret=sharedSecret] [options]

Not supported on Platform Manager

Arguments and Options

Argument or Option	Description
{--input\|-i} fileName.properties	Required. Specifies the properties file with the product configurations that have user passwords to encrypt. For information about the format of the properties file, see "Format of the Properties File". For information about the {--input\|-i} option, see input.
[sharedSecret=sharedSecret]	Optional. The shared secret configured for the Command Central landscape. If you omit this parameter, the command uses the default global shared secret, configured for Command Central. For more information about configuring a shared secret, see Configure Shared Secrets to Encrypt Instance and Component Passwords and sagcc add security credentials sharedsecret.
[options]	Optional. The command allows all options supported by the Command Line Interface. For a description of the options, see Common Options.

Usage Notes

Software AG recommends that you set the encoding of the properties file to UTF-8.

By default, the command writes the output with the encrypted password values to the console. To write the command output to a file, include the output option.

When you create a new environment with templates, use the same global shared secret in the new environment as the global shared secret you specified when encrypting the password. For example, if you encrypted the password with the global shared secret "secret_123", use the same global shared secret for the target installation in the new environment.

Format of the Properties File

When you want to encrypt a property in the properties file, you must prefix the property name with `@secure` in the following format: @secure.propertyName=value. Note that the property cannot have a multi-line value. In the following example, if you prefix the password properties with @secure:

# the user name of the administrator user
username=Administrator

# the password of the administrator user
@secure.adminpassword=cleartext_password

# the user name of the database user
username=dbuser

# the password of the database user
@secure.dbpassword=cleartext_password

The command output will return the following:

# the user name of the administrator user
username=Administrator

# the password of the administrator user
adminpassword=encrypted_value

# the user name of the database user
username=dbuser

# the password of the database user
dbpassword=encrypted_value

Examples When Executing on Command Central

To encrypt all password values with the prefix @secure contained in the "prodconfig.properties" file, using the global shared secret configured for Command Central:

sagcc exec security encrypt -i prodconfig.properties

To encrypt all password values with prefix @secure contained in the "prodconfig.properties" file, using the global shared secret configured for Command Central and write the output to a file named "encryptedPasswords.properties":

sagcc exec security encrypt -i prodconfig.properties -o encryptedPasswords.properties