How to set wlp.password.encryption.key value in Liberty Profile

Question

We are trying to encrypt sensitive information stored in server.xml of Liberty Profile. To do that we are using securityUtility tool with "aes" encoding type. Understand from the IBM infocenter that a custom key value can be set with the property wlp.password.encryption.key for the encryption. If this value is not set the tool will use default value. We want to set up a custom value for the wlp.password.encryption.key property, so that it can be used during the encryption.

However I could not find any details how can we set this property. What are the syntax to be used?

Answer 1

Here are some information how to use encryption key - Liberty profile: The limits to protection through password encryption

The encryption key used for decrypting can be overridden from the default by setting the wlp.password.encryption.key property. This property should not be set in the server.xml file that stores the password, but in a separate configuration file that is included by the server.xml file. This separate configuration file should contain only a single property declaration, and should be stored outside the normal configuration directory for the server. This ensures that the file containing the key is not included when you are running the server dump or package command.
The encryption key property can also be specified as a bootstrap property.

How to define property (in server.xml or in separate file):

<server>
  ...
  <variable name="wlp.password.encryption.key" value="yourKey" />
</server>

How to include separate file in server.xml:

<server>
  ...
  <include location="${shared.config.dir}/key.xml" />
</server>

bootstrap.properties is optional file, it does not exist by default. You must create it in the same directory where server.xml is stored, by default usr/servers/server_name.
Define entry in there like this:

wlp.password.encryption.key = yourKey