Encrypting database password with Ant tasks for Liberty

You can use Ant tasks to encrypt database passwords for the WebSphere® Application Server Liberty server with the aes algorithm.

About this task

By default, Ant tasks encrypt passwords for the WebSphere Application Server Liberty server with the xor algorithm. You can encrypt them with the aes algorithm, but only with the default key.

You can use passwords that are already encrypted as input for the Ant tasks, for example if the Ant tasks are used by persons that should not have access to database production passwords.

Procedure

  1. From the Sample configuration files select the file configure-liberty-<database>.xml, and copy it to your working directory.
  2. Add a libertyEncoding attribute with the value none in the websphereapplicationserver element of the configureApplicationServer and installWorklightAdmin Ant tasks. For more information, see table 6 of Ant tasks for installation of MobileFirst runtime environments.
  3. For each database element of configureApplicationServer and installWorklightAdmin, add an attribute validate with the value false. 
      <target name="adminstall">
    <installworklightadmin >
      [...]
      <applicationserver>
        <websphereapplicationserver installdir="${appserver.was.installdir}"
                                    profile="${appserver.was.profile}"
                                    libertyEncoding="none">
          <server name="${appserver.was85liberty.serverInstance}"/>
        </websphereapplicationserver>
      </applicationserver>
      <database kind="WorklightAdmin" validate="false">
      [...]
      
  <target name="install">
    <configureapplicationserver contextroot="${worklight.contextroot}">
      <project warfile="${worklight.project.war.file}"/>
      <applicationserver>
        <websphereapplicationserver installdir="${appserver.was.installdir}"
                                    profile="${appserver.was.profile}"
                                    libertyEncoding="none">
          <server name="${appserver.was85liberty.serverInstance}"/>
        </websphereapplicationserver>
      </applicationserver>
     <database kind="Worklight" validate="false">
     [...]
      </database>
      <database kind="WorklightReports" validate="false">
     [...]
  4. Put the encrypted values in the properties for the database passwords.
    For more information about the parameters of Ant tasks, see Ant tasks for installation of MobileFirst runtime environments and Ant tasks for installation of MobileFirst Operations Console and Administration Services.
    Note: You can use this configure-liberty-<database>.xml file only to deploy, update, or uninstall applications to an application server, with the targets install, minimal-update, uninstall, adminstal, adm-minimalupdate, or admuninstall. You cannot use this file to create or migrate a database, with the targets databases or admdatabases, because the Ant file must have valid unencrypted database credentials to perform the database operations.

What to do next

See also:
Parent topic: Reference