Skip to main content

Moog Encryptor

Moogsoft Onprem includes an encryptor utility so you can encrypt passwords stored in the system.conf configuration file. Encrypted passwords in configuration files are more secure because someone with access to the configuration cannot necessarily gain access to integrated systems.

If you run in a distributed environment, run the encryptor utility on one host to create an encryption key (.key). Then copy the key to the $MOOGSOFT_HOME/etc/ directory on the remaining hosts.

Encrypt a password

To encrypt a password, execute the moog_encryptor command as follows:

 $MOOGSOFT_HOME/bin/moog_encryptor -p <password>

For example, to encrypt the password "Abacus":

/usr/share/moogsoft/bin/moog_encryptor -p 'Abacus'

The moog_encryptor displays the encrypted password:

The encrypted password is: 

        KfFJGilmGGJP/qTrJV6SBs0HTTy3NpCqvGaYKviDbLQ=

When using within Javascript code or JSON file, use: 

         {"encrypted_password":"KfFJGilmGGJP/qTrJV6SBs0HTTy3NpCqvGaYKviDbLQ="}

Note

Each time you run moog_encryptor, it generates a different encrypted password.

Configure Moogsoft Onprem to use encrypted passwords

You can use passwords encrypted with moog_encryptor in the system.conf file as follows:

  1. Edit $MOOGSOFT_HOME/config/system.conf.

  2. Identify the password you want to replace and uncomment the encrypted_password property. Comment out the password property. For example:

    "username"        : "moogsoft",
    #"password"        : "Abacus",
    "encrypted_password" : "e5uO0LY3HQJZCltG/caUnVbxVN4hImm4gIOpb4rwpF4=",
  3. Set the value of the encrypted_password property to the value returned from the moog_encryptor. For example:

    "encrypted_password":"KfFJGilmGGJP/qTrJV6SBs0HTTy3NpCqvGaYKviDbLQ=",
  4. Change the value of the password property so that it does not match the unencrypted value of the password.

Change the location of the encryption key

By default, the encryptor utility uses a key at the following location:

 $MOOGSOFT_HOME/etc/.key

The encryptor utility creates a new key if one does not already exist.

If you want to use a different location for the key, uncomment the encryption section in system.conf. Set the value of the encryption_key_file property to a new path for the key. For example:

# Uncomment the encryption section if you want to specify the location
# for the encryption key file.
,
"encryption" :
{
    # Use this to change the default location of the encryption key file
    "encryption_key_file" : "/usr/share/example/.key"
}

Note

You must configure Moogsoft Onprem to use the same .key file you used to encrypt passwords. If you encrypt a password using one key and then change the configuration to use another key, decryption fails.