By default, Web Application Platform properties are stored as plain text. If required, any of these properties can be encrypted. For property encryption and decryption, you need to generate a pair of keys by using our property encryption tool. The tool is provided as the encryptor.jar file and the steps below explain how to use it.

Prerequisites

The encryption tool uses Java 11. Therefore, the system PATH variable needs to point to the location of the bin folder of the Java 11 home directory, e. g. C:\Java\Java11\bin or /opt/Java/Java11/bin.


To encrypt Web Application Platform properties

  1. Click the link to download the encryptor.jar file.
  2. Open the command-line interface and navigate to the directory where the encryptor.jar file is located.
  3. Run the java -jar encryptor.jar command. You should see the information on how to use the tool as displayed below.



  4. Run the java -jar encryptor.jar generate-keys <path_to_folder_for_keys> command to generate a pair of keys for property encryption and decryption. Make sure to replace the <path_to_folder_for_keys> placeholder with the actual path to the directory where you want to store the keys. You should see a confirmation that the keys have been successfully generated.

    Keys for encryption and decryption

    After executing the command, the following keys are created in the specified directory:

    • propertiesEncryptionKey.pub - a public key used to encrypt property values.
    • propertiesEncryptionKey - a private key used to decrypt property values.
  5. To encrypt a property, run the java -jar encryptor.jar encrypt <unencrypted_property_value> <path_to_the public_key> command. Make sure to replace the <unencrypted_property_value> and <path_to_the public_key> placeholders with the actual property value and the path to the propertiesEncryptionKey.pub file. The tool will output the encrypted property value.



  6. Go to the Web_App_Platform_installation_directory>\apache-tomcat\shared\conf directory and open the webappplatform.properties file.

  7. In the webappplatform.properties file, replace the actual property value with the encrypted property value in the following format: ENC(encrypted_property_value).

    Example of an encrypted property

    For example, an encrypted Teamwork Cloud administrator password, should look similar to this one: twc.admin.password=ENC(lcvPbmmI32vn1jD2EYrQfMLu7ydX+/DW8wljMsk/
    +UcjrPWXELau1YC1FFTa3UBMptu3sFK6wjOuLipveVBJYzo0k+yfgt1qnD1ud/3E7LsRGwMe4srlAIF7Kfq36pPywTu58NBYp6M8yktIDTtKtQSvuZF8Qcb38Vw56OkGCd9Io+vdM5aTN
    TNi2ls7jnN09BuqD6lZvwJ/atcrd0grfEhxwM3PSw0zzUS+EenjWedTxogxpfXLtUbTEuzwYSMGqyi5goX9Wb3vnkMPs7xlL/ZhqYYIQCXwQaREbzLIH3oJEHJxRvUpFIhWJoc/7LJfn/09ukx0wjgF296kEgI+rA==)    .
  8. Go to the <Web_App_Platform_installation_directory>\apache-tomcat\conf directory and open the catalina.properties file.

  9. In the catalina.properties file, add the properties.encryption.private.key.location property and specify the path to the private key (the propertiesEncryptionKey file) as its value, e.g., properties.encryption.private.key.location=C:\\apache-tomcat-9.0.19\\shared\\conf\\keys\\propertiesEncryptionKey.

    Private key location

    The private key (the propertiesEncryptionKey file) should be in the location which Web Application Platform can access.

  10. Restart Web Application Platform.