Skip to content

Fix: Correct cipher tool command for changing encrypted passwords in versions 7.0.0, 7.1.0, and next (Product IS issue #26100) #5634

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Fix: Correct cipher tool command for changing encrypted passwords in versions 7.0.0, 7.1.0, and next (Product IS issue #26100) #5634

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@

{% if product_name == "WSO2 Identity Server" and is_version != "7.0.0" %}

While you are able to encrypt passwords using symmetric or asymmetric encryption, it is recommended to use symmetric encryption due to its greater resilience towards emerging post-quantum threats.

Check failure on line 12 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Trailing spaces 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:12:197 MD009/no-trailing-spaces Trailing spaces [Expected: 0 or 2; Actual: 1] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md009.md
Asymmetric encryption methods like RSA are not recommended due to their vulnerability to quantum computing capabilities.

!!! important
Expand All @@ -28,7 +28,7 @@
log4j2_password = "[password_5]"
```

2. Open a terminal, navigate to the `<IS_HOME>/bin/` directory, and execute the following command based on the encryption method and your operating system:

Check failure on line 31 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Spaces after list markers 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:31:1 MD030/list-marker-space Spaces after list markers [Expected: 1; Actual: 2] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md030.md

=== "Symmetric encryption"

Expand Down Expand Up @@ -123,7 +123,7 @@

You may include encrypted passwords in the `log4j2.properties` file found in the `<IS_HOME>/repository/conf` directory. For example, you may set `log4j.appender.LOGEVENT.password` as shown below:

```

Check failure on line 126 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Fenced code blocks should have a language specified 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:126 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "```"] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md040.md
log4j.appender.LOGEVENT.password=$secret{log4j2_password}
```

Expand All @@ -133,11 +133,11 @@

1. Shut down the {{product_name}}.

2. On a command prompt, navigate to the `<IS_HOME>/bin/` directory where the cipher tool scripts reside.

Check warning on line 136 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / Vale style check 

[vale] reported by reviewdog 🐶
[write-good.TooWordy] 'reside' is too wordy.

Raw Output:
{"message": "[write-good.TooWordy] 'reside' is too wordy.", "location": {"path": "en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md", "range": {"start": {"line": 136, "column": 98}}}, "severity": "WARNING"}

{% if product_name == "WSO2 Identity Server" and is_version != "7.0.0" %}
{% if product_name == "WSO2 Identity Server" and is_version not in ["7.0.0", "7.1.0", "next"] %}

3. Run the cipher tool by executing the command corresponding to your encryption method and operating system:

Check failure on line 140 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Ordered list item prefix 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:140:1 MD029/ol-prefix Ordered list item prefix [Expected: 1; Actual: 3; Style: 1/1/1] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md029.md

=== "Symmetric encryption"

Expand All @@ -153,18 +153,18 @@

{% else %}

3. Run the cipher tool by executing the command corresponding to your operating system:

Check failure on line 156 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Ordered list item prefix 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:156:1 MD029/ol-prefix Ordered list item prefix [Expected: 1; Actual: 3; Style: 1/1/1] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md029.md

* Linux: `./ciphertool.sh -Dchange`

Check failure on line 158 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Unordered list style 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:158:5 MD004/ul-style Unordered list style [Expected: dash; Actual: asterisk] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md004.md
* Windows: `ciphertool.bat -Dchange`

Check failure on line 159 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Unordered list style 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:159:5 MD004/ul-style Unordered list style [Expected: dash; Actual: asterisk] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md004.md

{% endif %}

4. You will be prompted for the primary keystore password. Enter the password. For the default keystore, it is `wso2carbon`.

Check failure on line 163 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Ordered list item prefix 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:163:1 MD029/ol-prefix Ordered list item prefix [Expected: 1; Actual: 4; Style: 1/2/3] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md029.md

5. A numbered list of all encrypted password aliases will be displayed. Enter the number corresponding to the alias of the password you want to change.

Check failure on line 165 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Ordered list item prefix 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:165:1 MD029/ol-prefix Ordered list item prefix [Expected: 2; Actual: 5; Style: 1/2/3] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md029.md

6. The system will then prompt you (twice) to enter the new password. Enter your new password.

Check failure on line 167 in en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md

View workflow job for this annotation

GitHub Actions / lint

Ordered list item prefix 

en/includes/deploy/security/encrypt-passwords-with-cipher-tool.md:167:1 MD029/ol-prefix Ordered list item prefix [Expected: 3; Actual: 6; Style: 1/2/3] https://github.com/DavidAnson/markdownlint/blob/v0.38.0/doc/md029.md

{% if product_name == "WSO2 Identity Server" and is_version != "7.0..0" %}
## Rotating Encryption Secrets
Expand Down
Loading