Encrypting passwords (optional)
How to encrypt passwords required by the installation process
About this task
You can optionally encrypt the passwords that you will use while installing, upgrading, and managing HCL Workload Automation. The secure command uses the AES method and prints the encrypted password to the screen or saves it to a file.
You can perform a typical procedure, which uses a custom passphrase, as described in the following scenario. For more information about all secure arguments and default values, see Optional password encryption - secure script.
- Browse to the folder where the secure command is located:
- Before the installation, the command is located in the product image directory, <image_directory>/TWS/<op_sys>/Tivoli_LWA_<op_sys>/TWS/bin
- After the installation, the command is located in TWA_home/TWS/bin
- Depending on your operating system, encrypt the password as follows:
- Windows operating systems
-
secure -password password -passphrase passphrase
- UNIX operating systems
-
./secure -password password -passphrase passphrase
- z/OS operating systems
-
./secure -password password -passphrase passphrase
- -password
- Specifies the password to be encrypted.
- -passphrase
- Optional. Specifies the custom passphrase that is used to generate the key with which the command encrypts the password. If you set this parameter, inform the user who installs HCL Workload Automation that they must define the SECUREWRAP_PASSPHRASE environment variable in the same shell from which they run the installation command, and set it to the same value as the passphrase argument. On Windows operating systems, the passphrase must be at least 8 characters long.
- Provide both the encrypted password and custom passphrase to the user in charge of installing HCL Workload Automation. You can use encrypted passwords only in association with the specific passphrase used to encrypt them.
Installing with the encrypted password
- Open a brand new shell session.
- Ensure that no value is set for the SECUREWRAP_PASSPHRASE environment variable.
- Define the SECUREWRAP_PASSPHRASE environment variable
and set it to the passphrase defined by the user who ran the
secure command, as
follows:
SECUREWRAP_PASSPHRASE=<passphrase>
You can use encrypted passwords only in association with the specific passphrase used to encrypt them.
- In the same shell session, provide the encrypted passwords when running any
command that uses a password. An encrypted password looks like the following
example:
{aes}AFC3jj9cROYyqR+3CONBzVi8deLb2Bossb9GGroh8UmDPGikIkzXZzid3nzY0IhnSg=