2016/08/27

"Password is not encoded" on WAS Liberty server.xml

There are some features in WAS Liberty Server (like apiDiscovery-1.0) that require stuff (like keyStore and basicRegistry) that will require passwords. If those passwords are note encoded we get warnings. It is was not clear to me how to encode a password. These are my notes :)

Encoding a password

We need the securityUtility command from bin directory of the server installation directory. And simply use encode subcommand. Since I am using the default key store defaultKeyStore everything is very simple:
# This is the location eclipse says my server is
cd /Users/ignacio/Documents/ibm/was16.0.0.2/usr
# Go to the bin directory
cd ../bin/

# encode all my passwords
./securityUtility encode keyStorePwd
{xor}NDomDCswLToPKDs=
./securityUtility encode admin
{xor}PjsyNjE=
./securityUtility encode member
{xor}MjoyPTot

Update the server.xml

Now, instead of passwords in plain text we copy and paste above results. (See my full server.xml)
<server>

    ...

    <keyStore id="defaultKeyStore" password="{xor}NDomDCswLToPKDs=" /> <!-- password="keyStorePwd" -->

    <basicRegistry>
        <user name="admin" password="{xor}PjsyNjE"/>
        <user name="member" password="{xor}MjoyPTot"/>
        <group name="admins">
            <member name="admin"/>
        </group>
        <group name="member">
            <member name="member"/>
        </group>
    </basicRegistry>

    ...

</server>
voilà! no warnings -- So much better :)

PS: defaultKeyStore 's password must be "keyStorePwd" other password didn't work for me. I can't remember where exactly I got it but it was a site from IBM documentation somewhere in the past.

Hold on, I don't know where is my server installation directory!
In case you installed via eclipse and forgot where it was installed, go the server properties and check the location.

More references

0 comments :