Introduction / FirstSpirit Server configuration / Configuration files (FirstSpirit Server) / FirstSpirit Server (fs-server.conf) / Password encryption

Area: Password encryption

# Password encryption 
#--------------------
# Enable password encryption.
password.encryption.active=0

# Password encryption key from file.
password.encryption.key.filePath=

# Password encryption key from environment variable.
password.encryption.key.environmentVar=

Passwords can be encrypted in FirstSpirit configuration files using the following optional parameters:

password.encryption.active

Passwords can be encrypted/decrypted in FirstSpirit configuration files using this parameter.

The parameter is set to 0 by default (no password encryption).
Encryption is activated by setting the parameter to 1. The next time the FirstSpirit Server is started, all passwords in the configuration files specified below are encrypted.
To decrypt the passwords again, the parameter must be set to 0 and the FirstSpirit Server must be restarted.

Important If encryption was configured via key file (parameter password.encryption.key.filePath), this file must be present on the FirstSpirit Server.

The password encryption concerns the following configuration files:

  • ../conf/fs-server.conf
  • ../conf/fs-database.conf
  • ../conf/webserver/System.Tomcat.Tomcat/tomcat.ini
  • ../data/schedule/scheduleEntries.xml
  • ../data/schedule/scheduleTaskTemplates.xml
  • ../data/schedule/statistic.xml
  • ../data/schedule/history.xml
  • ../data/projects.xml
  • ../data/project_[id]/project.xml

password.encryption.key.filePath

and

password.encryption.key.environmentVar

The parameters password.encryption.key.filePath and password.encryption.key.environmentVar can also be used to define a key which is to be used for encryption:

If both password.encryption.key.filePath and password.encryption.key.environmentVar are specified, password.encryption.key.environmentVar is used.
If the server was previously operated with password.encryption.key.filePath and is now being switched to password.encryption.key.environmentVar, the key entry must remain in the fs-server.conf even when the server is next started until all passwords have been rewritten.
The parameter password.encryption.active=0 is set for decryption in this case as well.

Important If encryption via password.encryption.key.filePath or password.encryption.key.environmentVar is used, the passwords can only be decrypted again if the specified key is available to FirstSpirit. Please therefore make sure that this key is always available. If the key is not available, the restart of the FirstSpirit Server will be canceled. Please contact technical support in this case.

Password encryption via API can be realized using the interface PasswordAgent (package de.espirit.firstspirit.agency).

© 2005 - 2024 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2024.4 | Data privacy