Automation: Including Encrypted Passwords in Recipes

Learn how to generate encrypted passwords and use them in recipe files.

For general information about using automation recipes, and simple examples to get you started, refer to the files below.

Note: Automation is valid for Linux only. It is not valid for Windows at this time.

  • Automation Reference
  • Automation Examples

Supported Platforms: 8.4.x and later

Table of Contents

  1. Overview
  2. Creating the encryption key
  3. Encrypting a value
  4. Using the encrypted value in a properties file

Overview

When using automation recipes, in some cases it's important that credentials are encrypted for security reasons.

In version 2019.0.0 and later, the automation functionality includes an encryption feature. It uses a secret directive to indicate that a value is encrypted and can be decrypted using the key in the secrets file.

The basic steps are:

  1. Create an encryption key and store it in a file. For example, the command below creates an encryption key and stores it in a file named secret.key:
    ./jython.sh -m akana.secrets --keygen --secrets-file secret.key
  2. Use the generated key to encrypt a value, or a set of values, that will be used in executing a recipe. For example:
    ./jython.sh -m akana.secrets --encrypt --secrets-file secret.key "some value"

    This prints the encrypted value to the console; for example:

    secret:some_hash
  3. Use the encrypted value in a properties file.


Creating the encryption key

To create an encryption key, use the following command:

./jython.sh -m akana.secrets --keygen --secrets-file secret.key

In the above:

  • akana.secrets is the name of the automation module that supports managing encryption in automation recipes.
  • --keygen is the option to generate the encryption key.
  • --secrets-file specifies the user-defined name of the file where the encryption key is stored (in this case, secret.key).


Encrypting a value

To encrypt a value, use the following command:

./jython.sh -m akana.secrets --encrypt --secrets-file secret.key "some value"

In the above:

  • akana.secrets is the name of the automation module that supports managing encryption in automation recipes.
  • --encrypt is the option to encrypt a value.
  • --secrets-file specifies the user-defined name of the file where the encryption key is stored (in this case, secret.key).

    Note: As an alternative to --secrets-file, you could use: -s {filename}.

  • "some value" is the value to be encrypted.


Using the encrypted value in a properties file

Let's say you need to configure automation recipes with encryption, and there are two passwords: one for database administration and one for the database schema.

The default recipes include the following:

"name":"set.database.options",
"properties":{
  "admin.username":"${DB_ADMIN_USERNAME|root}",
  "admin.password":"${DB_ADMIN_PASSWORD|password}",
  "user":"${DB_USERNAME|user123}",
  "password":"${DB_PASSWORD|password}",

In this scenario, the DB_ADMIN_PASSWORD and DB_PASSWORD values would be encrypted separately using the same key file.

For example, for this recipe variable:

${DB_ADMIN_PASSWORD}

The entry in the properties file might be:

DB_ADMIN_PASSWORD=secret:VdRdHt61SENlNrufQw2maonU9jZEcNMrprE5L_HDBrE
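
A check you can run before a properties file is committed or shipped, to confirm that every credential entry uses the secret: form shown above. This is an added example, not part of the product or its automation module; the function name audit_properties, the key-name heuristic, and the sample file are assumptions made for illustration.

```python
import re

# Assumption: key names matching this pattern hold credentials (heuristic, not from the product).
SENSITIVE = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN)", re.IGNORECASE)
# Key, then '=' or ':' separator, then value (line continuations are not handled).
ENTRY = re.compile(r"^\s*([^\s=:#!][^\s=:]*)\s*[=:]\s*(.*?)\s*$")
PREFIX = "secret:"  # directive shown on this page for encrypted values


def audit_properties(text):
    """Return (line_number, key, problem) for each credential entry
    that is not stored as a secret: value."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":  # blank line or comment
            continue
        match = ENTRY.match(line)
        if not match:
            continue
        key, value = match.groups()
        if not SENSITIVE.search(key):
            continue
        if not value.startswith(PREFIX):
            findings.append((number, key, "plaintext value"))
        elif not value[len(PREFIX):]:
            findings.append((number, key, "empty secret: value"))
    return findings


# Constructed sample input; the encrypted value is the one shown on this page.
SAMPLE = """\
# database settings
DB_ADMIN_USERNAME=root
DB_ADMIN_PASSWORD=secret:VdRdHt61SENlNrufQw2maonU9jZEcNMrprE5L_HDBrE
DB_USERNAME=user123
DB_PASSWORD=password
"""

if __name__ == "__main__":
    for number, key, problem in audit_properties(SAMPLE):
        print(f"line {number}: {key}: {problem}")
```

The findings report line numbers and key names only, never the values, so the output can go into build logs.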
