Encryption of multiple properties

Learn how you can encrypt multiple sensitive properties stored in the efm.properties file.

Although you can encrypt multiple properties one by one, as described in the Encryption of a single property section, Edge Flow Manager (EFM) provides a helper script that you can use to encrypt all sensitive properties stored in the efm.properties file.

This script relies on the Jasypt CLI, so you must install it first. The script also requires the JASYPT_HOME environment variable to be set to the root directory of Jasypt.

To encrypt a specific property, wrap its unencrypted value in DEC(...) in the efm.properties file. For example:

efm.server.ssl.keyStorePassword=DEC(passwordToEncrypt)

To encrypt the efm.properties file, run the encrypt_properties.sh script and provide the secret key with the -p flag (-p stands for password). For example:

./bin/encrypt_properties.sh -p secretKey

Unless you specify a different output location with the -o option, the script writes a .encrypted file next to the original one. You need to overwrite the original file with this newly created file.

You can also use the following optional flags:
  • -h: Prints help
  • -a: Specifies the algorithm used for encryption. Default value is PBEWITHHMACSHA512ANDAES_256.
  • -i: Specifies the ivGeneratorClassName. Default value is org.jasypt.iv.RandomIvGenerator.
  • -l: Specifies an alternative location for the property file. Default value is conf/efm.properties.
  • -o: Specifies the output file location. Default value is conf/efm.properties.encrypted (<originalfile>.encrypted).
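
A check to run between the encrypt_properties.sh step and the overwrite step, as an added example that is not part of EFM or of the original page: it refuses to replace the original file if the output is missing, still contains a DEC(...) value, or has lost a property key. The function names are hypothetical, and the key comparison assumes the script changes only values and keeps every property key.

```shell
# Added example, not shipped with EFM. Function names are hypothetical.
# Assumption: encrypt_properties.sh rewrites values only and keeps every key.

# keys FILE [VALUE_REGEX]: print sorted property keys, optionally only those
# whose value matches VALUE_REGEX. Comments (# or !) and lines without '=' are skipped.
keys() {
  awk -F= -v re="${2:-.*}" '
    /^[ \t]*[#!]/ || !index($0, "=") { next }
    {
      key = $1; val = substr($0, length($1) + 2)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      if (val ~ re) print key
    }' "$1" | sort
}

# verify_encrypted ORIGINAL ENCRYPTED
# Returns 1 if the output is missing or empty, 2 if a DEC(...) value is left
# in it (that secret is still plaintext), 3 if the key sets differ, else 0.
verify_encrypted() {
  local orig="$1" enc="$2" left
  [ -s "$enc" ] || { echo "missing or empty: $enc" >&2; return 1; }
  left=$(keys "$enc" '^[ \t]*DEC[(]')
  [ -z "$left" ] || { echo "still wrapped in DEC(...): $left" >&2; return 2; }
  [ "$(keys "$orig")" = "$(keys "$enc")" ] || { echo "key sets differ" >&2; return 3; }
}

# promote_encrypted ORIGINAL [ENCRYPTED]
# Overwrites ORIGINAL only after verification. cp into the existing file keeps
# its mode and owner; the .encrypted copy is then removed.
promote_encrypted() {
  local orig="$1" enc="${2:-$1.encrypted}"
  verify_encrypted "$orig" "$enc" || return $?
  cp -- "$enc" "$orig" && rm -f -- "$enc"
}
```

After running ./bin/encrypt_properties.sh -p secretKey, call promote_encrypted conf/efm.properties; a non-zero return code means the original file was left untouched.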