Password Encryption
  • 21 Nov 2024


Legacy Encryption

For legacy-based $ENC encryption, use the following steps to run the encryption script and generate a password value.

  1. Navigate to the pronghorn-core node modules directory.

    cd /opt/pronghorn/current/node_modules/@itential/pronghorn-core
    
  2. Run the following command where mypassword is the password value that requires encryption.

    $ npm run encrypt mypassword
    Encrypted Password:
    $ENC8ef3972b5766e64a98df4b11d6d3221d82812e8caed3459e5a0d
    
  3. Use the encrypted password value, beginning with $ENC, in place of the plain-text value in the properties.json file.

$SECRET Encryption

The $ENC encryption used within service configs, profiles, and the properties.json file is now deprecated. The replacement is $SECRET_ followed by the path and the key used in HashiCorp Vault for encryption and decryption. Support for $ENC will be removed in a future release, and any remaining $ENC values will no longer function after its removal.

For more detail, see Manual Property Encryption for Profiles.

Encrypting Passwords in the Properties JSON

The properties.json file will likely contain passwords. As a best practice, apply the principle of least privilege whenever this file is managed.

  1. Set the file system permissions so that only the file's owner can read and write the file.

    chmod 0600 /opt/pronghorn/current/properties.json
    
  2. Change to the following directory.

    cd /opt/pronghorn/current/node_modules/@itential/pronghorn-core/utils
    
  3. Use the IAP encrypt tool to encrypt sensitive passwords before saving them in the properties.json file.

    $ node encrypt.js password
    Encrypted Password: $ENC93eb9439537ae34196db49409dd0261a8b87218fafd0419
    

    Note: The encrypt.js tool will respond with a string that starts with $ENC. Use this string when configuring passwords in the properties.json file.

  4. Store the entire encrypted string in the properties.json file, as shown below, so that the password is not exposed.

    "mongoProps": {
        "db": "pronghorn",
        "url": "mongodb://localhost:27017",
        "credentials": {
            "dbAuth": true,
            "user": "pronghorn",
            "passwd": "$ENC82ee8a234a69f15bdb8e05409cda2418878b2f85af"
        }
    }
    
  5. Alternatively, use the Vault Encryption feature. See the HashiCorp Vault Encryption guide to learn more.
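The steps above can be checked after the fact. The following is an added example, not part of the Itential tooling: it audits a parsed properties.json for password fields that are still plain text or still use the deprecated $ENC form, and checks that the file mode is owner-only. The key-name pattern, the finding labels, and the sample values are assumptions made for this example.

```javascript
// Added example: audit a parsed properties.json for credential hygiene.
// KEY_PATTERN and the status labels are assumptions of this example.
const KEY_PATTERN = /pass(wd|word)/i;

// Classify one credential value by the prefixes the article names.
function classify(value) {
  if (value.startsWith('$SECRET_')) return 'vault-reference';
  if (value.startsWith('$ENC')) return 'deprecated-enc';
  return 'plaintext';
}

// Walk the config recursively and report every password-like string field.
function findCredentials(node, path = []) {
  if (node === null || typeof node !== 'object') return [];
  return Object.entries(node).flatMap(([key, value]) => {
    const here = [...path, key];
    if (typeof value === 'string' && KEY_PATTERN.test(key)) {
      return [{ path: here.join('.'), status: classify(value) }];
    }
    return findCredentials(value, here);
  });
}

// True when the mode grants nothing to group or other (for example 0600).
// Works on fs.statSync(path).mode, which also carries file-type bits.
function isOwnerOnly(mode) {
  return (mode & 0o077) === 0;
}

// Report the file-mode check plus every field that is not a Vault reference.
function audit(config, mode) {
  const findings = findCredentials(config)
    .filter((f) => f.status !== 'vault-reference');
  return { ownerOnly: isOwnerOnly(mode), findings };
}

// Constructed sample input; redisProps, adapters and all values are made up.
const sample = {
  mongoProps: {
    url: 'mongodb://localhost:27017',
    credentials: { user: 'pronghorn', passwd: '$ENC0000constructed' },
  },
  redisProps: { password: 'constructed-plaintext' },
  adapters: [{ properties: { password: '$SECRET_constructed-placeholder' } }],
};

console.log(JSON.stringify(audit(sample, 0o100644), null, 2));
```

For a real file, pass `JSON.parse(fs.readFileSync(path, 'utf8'))` and `fs.statSync(path).mode` to `audit`.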

