Is there a way to encrypt the password for truststores and keystores in the IntroscopeAgent.profile?

Document ID : KB000013664
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

SSL communication between the agent and the Enterprise Manager can be enabled by specifying relevant SSL Communication Properties in the  IntroscopeAgent.profile. Following are some of the properties where you can specify the keystore, truststore and their passwords:

 

agentManager.trustStore.1

agentManager.trustStorePassword.1

agentManager.keyStore.1

agentManager.keyStorePassword.1

Question:

Is there a way to encrypt the passwords for the truststores and keystores in the IntroscopeAgent.profile?

Environment:
CA APM Java Agent
Answer:

While there is no option in the IntroscopeAgent.profile to enable encryption for the password properties (like how it can be done on the EM side by setting properties introscope.enterprisemanager.trustpassword.channel2.plaintextpassword=true) , we do perform password decryption checking on these passwords in the code.

In this case, you can work around the need by manually encrypting the password using the PropertiesUtil.jar in the <Agent_home>\tools directory, then specify the encrypted value in the agent profile.

For example, below are the steps involved:

1. Encrypt the password with PropertiesUtil.jar:

C:\Program Files\Java\jre7\bin>java -jar "<agent_home>\tools\PropertiesUtil.jar" encrypt password
0JdwOW+ar5RIkIyU

2. Specify the encrypted value in the following properties of the IntroscopeAgent.profile:

agentManager.trustStorePassword.1=0JdwOW+ar5RIkIyU
agentManager.keystorePassword.1=0JdwOW+ar5RIkIyU

 

 Note: The PropertiesUtil.jar can be obtained from the StandAloneAgentInstaller

Additional Information: