14.9. Obfuscate Bootstrap Information

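OpenIDM uses the information in conf/boot/boot.properties, including the key store password, to start up. Rather than leaving the password in clear text, you can set an obfuscated version in the file, or prompt for the password at startup time. As the utility's own output states, obfuscation only prevents casual observation, so continue to protect the file.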

To use an obfuscated password, follow these steps:

  1. Generate an obfuscated version of the password by using the crypto bundle provided with OpenIDM:

    $ java -jar /path/to/openidm/bundle/openidm-crypto-2.1.0-SNAPSHOT.jar
    This utility helps obfuscate passwords to prevent casual observation.
    It is not securely encrypted and needs further measures to prevent disclosure.
    Please enter the password:
    OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
    CRYPT:a8b5a01ba48a306f300b62a1541734c7

  2. Paste the obfuscated password into the conf/boot/boot.properties file. Comment out the regular keystore password and remove the comment tag from the line that contains the obfuscated password:

    $ more conf/boot/boot.properties
    ...
    # Keystore password, adjust to match your keystore and protect this file
    # openidm.keystore.password=changeit
    openidm.truststore.password=changeit

    # optionally use the cli encrypt to obfuscate the password and set
    openidm.keystore.password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
    #openidm.keystore.password=CRYPT:
    ...
  3. Restart OpenIDM.

    $ ./startup.sh
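
The utility's warning that the value "is not securely encrypted" can be checked directly. The following is an added example, not OpenIDM code: it uses the keyless arithmetic of Jetty's `Password` obfuscation, which reproduces the sample OBF: value above, and audits a constructed copy of the boot.properties excerpt. The function names are hypothetical, and ASCII-only passwords are assumed.

```python
# Added example, not OpenIDM code. Assumption: ASCII-only passwords.
OBF_PREFIX = "OBF:"
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"

def _base36(n: int) -> str:
    out = ""
    while n:
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
    return out.rjust(4, "0")

def obfuscate(password: str) -> str:
    """Mix each byte with its mirror byte; no key or secret is involved."""
    b = password.encode("ascii")
    blocks = []
    for i, b1 in enumerate(b):
        b2 = b[len(b) - 1 - i]
        blocks.append(_base36((127 + b1 + b2) * 256 + (127 + b1 - b2)))
    return OBF_PREFIX + "".join(blocks)

def deobfuscate(value: str) -> str:
    """Invert obfuscate() using only the stored value."""
    body = value[len(OBF_PREFIX):]
    if not value.startswith(OBF_PREFIX) or len(body) % 4:
        raise ValueError("not a well-formed OBF: value")
    out = bytearray()
    for i in range(0, len(body), 4):
        hi, lo = divmod(int(body[i:i + 4], 36), 256)
        out.append((hi + lo - 254) // 2)
    return out.decode("ascii")

def audit_boot_properties(text: str) -> dict:
    """Report how each active (uncommented) *.password property is stored."""
    labels = {"OBF": "obfuscated (reversible)", "CRYPT": "CRYPT: value"}
    findings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        key, value = key.strip(), value.strip()
        if key.startswith("#") or not sep or not key.endswith(".password"):
            continue
        prefix = value.split(":", 1)[0] if ":" in value else ""
        findings[key] = labels.get(prefix, "cleartext")
    return findings

# Constructed sample mirroring the boot.properties excerpt on this page.
SAMPLE = """\
# openidm.keystore.password=changeit
openidm.truststore.password=changeit
openidm.keystore.password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
#openidm.keystore.password=CRYPT:
"""
```

Run against the excerpt, the audit also reports that openidm.truststore.password remains in clear text, so file permissions on conf/boot/boot.properties are still the effective control.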