Setting the encryption password for EFM

You need to set the efm.encryption.password property which specifies a master password used for encrypting sensitive data saved to the Edge Flow Manager (EFM) server.

You can set it through the efm.properties file, a command line argument, or an OS environment variable.

By default, the EFM application uses AES encryption. The encryption key used is deterministically derived from an encryption password that the admin user must provide to the application at runtime. The property that is read for the encryption password is efm.encryption.password. You can set the value for this property in following ways:

As a command line argument: ./bin/efm.sh --efm.encryption.password=myEfmPassword
As a Java System Property: -Defm.encryption.password=myEfmPassword
As an OS environment variable: export EFM_ENCRYPTION_PASSWORD=myEfmPassword
As a key/value pair in the efm.properties file: efm.encryption.password=myEfmPassword

The derived encryption key length is determined by your Java Runtime Environment encryption strength profiles.

Unlimited Strength Encryption active: AES 256-bit key
Unlimited Strength Encryption inactive: AES 128-bit key

It is strongly recommended that you enable Unlimited Strength Encryption in your Java Runtime Environment.