encrypt
The encrypt subcommand encrypts an input string, or JSON object, provided at the command line. This subcommand can be used to encrypt passwords, or other sensitive data, to be stored in the repository. The encrypted value is output to standard output and provides details of the cryptography key that is used to encrypt the data.
Usage is as follows:
./cli.sh encrypt [-j] string
If you do not enter the string as part of the command, the command prompts for the string to be encrypted. If you enter the string as part of the command, special characters such as quotation marks, must be escaped.
- -j or --json
Indicates that the string to be encrypted is a JSON object, and validates the object. If the object is malformed JSON and you use the
-j
option, the command throws an error. It is easier to input JSON objects in interactive mode. If you input the JSON object on the command-line, the object must be surrounded by quotes, and any special characters, including curly braces, must be escaped. The rules for escaping these characters are fairly complex. For more information, see the OSGi specification.For example:
./cli.sh encrypt \ --json '\{\"password\":\"myPassw0rd\"\}'
The following example encrypts a normal string value:
./cli.sh encrypt \ mypassword
Executing ./cli.sh... Starting shell in /path/to/openidm -----BEGIN ENCRYPTED VALUE----- { "$crypto" : { "type" : "x-simple-encryption", "value" : { "cipher" : "AES/CBC/PKCS5Padding", "stableId" : "openidm-sym-default", "salt" : "vdz6bUztiT6QsExNrZQAEA==", "data" : "RgMLRbX0guxF80nwrtaZkkoFFGqSQdNWF7Ve0zS+N1I=", "keySize" : 16, "purpose" : "idm.config.encryption", "iv" : "R9w1TcWfbd9FPmOjfvMhZQ==", "mac" : "9pXtSKAt9+dO3Mu0NlrJsQ==" } } } ------END ENCRYPTED VALUE------
The following example prompts for a JSON object to be encrypted:
./cli.sh encrypt --json
Using boot properties at /path/to/openidm/resolver/boot.properties Enter the Json value > Press ctrl-D to finish input Start data input:
{"password":"myPassw0rd"} ^D
-----BEGIN ENCRYPTED VALUE----- { "$crypto" : { "type" : "x-simple-encryption", "value" : { "cipher" : "AES/CBC/PKCS5Padding", "stableId" : "openidm-sym-default", "salt" : "vdz6bUztiT6QsExNrZQAEA==", "data" : "RgMLRbX0guxF80nwrtaZkkoFFGqSQdNWF7Ve0zS+N1I=", "keySize" : 16, "purpose" : "idm.config.encryption", "iv" : "R9w1TcWfbd9FPmOjfvMhZQ==", "mac" : "9pXtSKAt9+dO3Mu0NlrJsQ==" } } } ------END ENCRYPTED VALUE------