Password Encryption
Password encryption is essential to store user credentials securely. Without password encryption, anyone accessing the configuration files for aqishare could easily view any stored passwords by default, because it is stored as plain text. To avoid this potential security risk, it is possible to encrypt all passwords in the configuration files with an encryptor tool. The tool uses the asymmetric RSA algorithm to encrypt the passwords.
Download the Encryptor Tool
The password encryption tool is available for various platforms such as Windows, Linux and Mac. The package contains the executables for each of the mentioned platforms and can be downloaded from the delivery portal.
The download link for the
aqicrpyt
is available in the Software Download section! https://aqipro.com/downloads/aqicrypt.zip
Once downloaded, extract the package and continue with the correct executable according your current system architecture.
Using the Encryptor Tool
To encrypt passwords in any of the aqishare configuration files, follow the steps below. This guide demonstrates usage on a Windows system. If your platform is Unix or Mac, use the corresponding commands.
Generate Key Pair
Execute the encryptor tool based based on your system architecture to create a new key pair. Both keys are stored in separate files within the given directory (in the case below c:\temp\aqilink\keypair
). Make sure the given directory exists.
.\aqilink-encryptor-win-x64.exe generate c:\temp\aqilink\keypair
Map Private Key into Container
To allow the usage of the encrypted passwords based on the the newly created private key, the file be available inside the container of aqishare. Depending on the used containerization tool, the method to make files available depends (either map it or copy it).
Enable Usage
Once the private key file is available inside the container, aqishare must be made aware of it to use it. To accomplish this, add the path of the private key file within the container to app.yaml
.
privateKeyPath: /app/configs/privateKey.pem
Refer to related section Password Encryption in the app.yaml
.
Create Encrypted Passwords
To create encrypted passwords the following command of the encryptor tool has to be used:
.\aqilink-encryptor.exe encrypt MY_PASSWORD_TO_ENCRYPT --privateKeyPath c:\temp\aqilink\keypair\privateKey.pem
The output will be like:
Encrypted Password:
ENC(lax/tcmsuMMOsQccajvjJdT9pdb4NyluqW+42SC7jiDKUmTLGmHtl+hyL27Z/bainuUKbxfsHggXjLEFWQaoANt/UwkIJT3k0BJZd5yS+i+RcBSPuLNJ52RHxRx65UrAFViV1qLT6gOyT5OnsXRZL1xke8j3HhD2JlRmxOLc/AjiSEeVe4nC190h9d2D6TXeAdq6QoD6TbtvUrI17P4cyqPS3fetgirq7hm6EDjh6eWKHU9i9p9FEi3B8QjZCasLf+5bO/qN7MNcgLXD2gQAHRZYdVoAX+p7oCQ8DT3WemmzLCL1W0VjEul3aE0Yo5mNFOaD+oK89eQi4Q2qNrCqmQ==)
Copy the line starting with the ENC() function and paste it as value for the desired password value in one of the aqilink
configuration files (such as storage.yaml
or sapConnection.yaml
).