Configuring database password encryption

Change the configuration of your locally stored database password to improve application security. Encrypt the password using AES encryption algorithm. This solution does not apply if you use Windows Authentication for the database access.


  1. Stop the BigFix Inventory server.
  2. To encrypt your database password with AES, execute the following command.
    1. Set the JAVA_HOME variable.

      export JAVA_HOME=Installation_directory/jre/jre

      set JAVA_HOME=Installation_directory\jre\jre

    2. Run the following command.

      Installation_directory/wlp/bin/securityUtility encode --encoding=aes

      Installation_directory\wlp\bin\securityUtility.bat encode --encoding=aes

    Provide your current database password.
    Enter text:
    Re-enter text:
  3. Update the database password in the server.xml file. Enter the value generated in the previous step in the following code line:
    • DB2 database:
      <properties.db2.jcc databaseName='temadb' driverType='4' enableExtendedIndicators='2' 
      password='{aes}xxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXX' portNumber='50000' serverName='localhost' user='db2inst1'/>
    • MSSQL database
       < databaseName='temadb' 
      password='{aes}xxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXX'' serverName='localhost' user='sa'/>
    The server.xml file is located in the following folder.
    • Installation_directory/wlp/usr/servers/server1
    • Installation_directory\wlp\usr\servers\server1
  4. Update the database password in the database.yml file, located in the following folder.
    • Installation_directory/wlp/usr/servers/server1/config
    • Installation_directory\wlp\usr\servers\server1\config

    Enter the value generated in the step 2 in the following code line.

    encrypted_password: "{aes}xxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXXxxxxXXXX"
    Tip: Follow the instruction mentioned here while editing the database.yml file.
  5. Start the BigFix Inventory server.