-
Notifications
You must be signed in to change notification settings - Fork 22
Encrypted Database Passwords
3.2.5+
When you set the mySQL database password for the ecssync user (or change it from the default in the service installation), you can optionally reference that password in XML or in the service configuration files as encrypted. Note that as of v3.2.5, the service installation uses an encrypted password by default.
To get an encrypted version of the password, run the following script (this should be in your path if using the service installation):
/opt/emc/ecs-sync/bin/ecs-sync-enc-passwd
Simply type in the actual password (characters will be hidden) and it will output the encrypted password.
To do this, you must modify the two files below. In these examples, the encrypted password is Z0TUQ+SciX2fp623Iu9LcQ==.
/opt/emc/ecs-sync/application-production.yml:
sync:
defaultDb: mySQL
dbDir: /opt/emc/ecs-sync/db
dbConnectString: jdbc:mysql://localhost:3306/ecs_sync?user=ecssync&characterEncoding=UTF-8
dbEncPassword: Z0TUQ+SciX2fp623Iu9LcQ==
/etc/init.d/ecs-sync (you will need sudo to edit this file):
APP_USER=root
JAVA_OPTS="-server -Xmx12G -XX:+UseParallelGC"
DB_OPT="--db-connect-string 'jdbc:mysql://localhost:3306/ecs_sync?user=ecssync&characterEncoding=UTF-8' --db-enc-password 'Z0TUQ+SciX2fp623Iu9LcQ=='"
RUN_DIR=${INSTALL_DIR}
To use an encrypted database password in an XML config file for a sync job, add the following line to the XML, right below the <dbTable> element:
<dbEncPassword>Z0TUQ+SciX2fp623Iu9LcQ==</dbEncPassword>
Note that this will override any password setting in the service configuration files. If you are running 3.2.5 specifically, there is a bug in that version that requires you to put the encrypted password in the XML. However, in the future, if you are using the service installation and it is properly configure as above, you do not need to provide a DB password in XML.
Any time you change/update the database password, you must also update it in the above references (either in your XML files or in the service configuration). If you do not do this, ecs-sync cannot connect to the database.