Area: Password encryption
# Password encryption
#--------------------
# Enable password encryption.
password.encryption.active=0
# Password encryption key from file.
password.encryption.key.filePath=
# Password encryption key from environment variable.
password.encryption.key.environmentVar=
Passwords can be encrypted in FirstSpirit configuration files using the following optional parameters:
password.encryption.active
Passwords can be encrypted/decrypted in FirstSpirit configuration files using this parameter.
The parameter is set to 0 by default (no password encryption).
Encryption is activated by setting the parameter to 1. The next time the FirstSpirit Server is started, all passwords in the configuration files specified below are encrypted.
To decrypt the passwords again, the parameter must be set to 0 and the FirstSpirit Server must be restarted.
If encryption was configured via key file (parameter password.encryption.key.filePath), this file must be present on the FirstSpirit Server.
Password encryption applies to the following configuration files:
- ../conf/fs-server.conf
- ../conf/fs-database.conf
- ../conf/webserver/System.Tomcat.Tomcat/tomcat.ini
- ../data/schedule/scheduleEntries.xml
- ../data/schedule/scheduleTaskTemplates.xml
- ../data/schedule/statistic.xml
- ../data/schedule/history.xml
- ../data/projects.xml
- ../data/project_[id]/project.xml
password.encryption.key.filePath and password.encryption.key.environmentVar
The parameters password.encryption.key.filePath and password.encryption.key.environmentVar can also be used to define a key which is to be used for encryption:
- If encryption is to take place via a key file, the path to this file must be specified via password.encryption.key.filePath (see also repository.encryption.keyFilePath and Creating the key file). You can use the same file as for repository encryption (parameters repository.encryption and repository.encryption.keyFilePath) or a different one.
- Alternatively, an environment variable can be used for encryption (parameter password.encryption.key.environmentVar).
If both password.encryption.key.filePath and password.encryption.key.environmentVar are specified, password.encryption.key.environmentVar is used.
If the server was previously operated with password.encryption.key.filePath and is now being switched to password.encryption.key.environmentVar, the key entry must remain in fs-server.conf, including at the next server start, until all passwords have been rewritten.
The parameter password.encryption.active=0 is set for decryption in this case as well.
If encryption via password.encryption.key.filePath or password.encryption.key.environmentVar is used, the passwords can only be decrypted again if the specified key is available to FirstSpirit. Therefore, make sure that this key is always available. If the key is not available, the restart of the FirstSpirit Server will be canceled. Please contact technical support in this case.
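Because a missing key cancels the server restart, the key settings can be checked before restarting. The following script is an added example, not part of FirstSpirit or its documentation; the function names are hypothetical, and it assumes that password.encryption.key.environmentVar holds the name of an environment variable and that a relative key file path resolves from the current directory.

```shell
#!/bin/sh
# Pre-restart check for the password encryption key settings in fs-server.conf.

# Print the last value assigned to property $2 in file $1 (empty if unset).
conf_get() {
    key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# Return 0 if every configured key source is available, 1 if one is missing,
# 2 if the configuration itself cannot be evaluated.
check_pw_key() {
    conf=$1
    [ -r "$conf" ] || { echo "error: cannot read $conf"; return 2; }
    key_file=$(conf_get "$conf" password.encryption.key.filePath)
    key_env=$(conf_get "$conf" password.encryption.key.environmentVar)
    status=0

    if [ -n "$key_env" ]; then
        # Assumption: the value is the NAME of an environment variable.
        case $key_env in
            [0-9]*|*[!A-Za-z0-9_]*) echo "error: invalid variable name"; return 2 ;;
        esac
        # The variable's value is only tested for emptiness, never printed.
        if [ -z "$(printenv "$key_env")" ]; then
            echo "missing: environment variable $key_env is unset or empty"
            status=1
        fi
    fi
    if [ -n "$key_file" ]; then
        # The file entry stays configured while switching from file to
        # variable, so this check treats it as required as well.
        if [ ! -r "$key_file" ] || [ ! -s "$key_file" ]; then
            echo "missing: key file $key_file is absent, unreadable or empty"
            status=1
        fi
    fi
    if [ "$status" -eq 0 ]; then
        # Precedence from the documentation: the variable wins if both are set.
        if [ -n "$key_env" ]; then echo "ok: key from environment variable $key_env"
        elif [ -n "$key_file" ]; then echo "ok: key from file $key_file"
        else echo "ok: no key file or variable configured"; fi
    fi
    return "$status"
}
```

Run it as the account and in the environment that start the FirstSpirit Server, for example `check_pw_key ../conf/fs-server.conf`, since the variable must be visible to the server process and not only to an interactive shell.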
Password encryption via API can be realized using the interface PasswordAgent (package de.espirit.firstspirit.agency).