Node settings values encryption

What is node settings encryption?

In conf/messaging-server/, you may have values that should be encrypted. For example:

  • ssl.key.password=myP@ssword: the password used to open the keystore that configures TLS HTTP connections

In this case, the encrypt-value tool can be used to generate encrypted values for use in messaging-server/. For example:

  • ssl.key.password=myP@ssword can be converted to ssl.key.password=${encrypted:/Jny9NNfptGitSbr0yX+TvkRlHe5rUchC8+cvWnJUxY=}

Encryption key file usage

The node settings encryption mechanism uses the encryption key file to encrypt/decrypt data. The key used to encrypt data must be available to decrypt data on node startup, otherwise encrypted property values won't be decrypted.

Algorithm used: AES/CBC/PKCS5Padding, with a 128-bit key and a randomly generated 128-bit initialization vector.

Reserved word

The ${encrypted:...} prefix is a reserved word. Do not use this prefix in any context other than value encryption.

How to generate encryption key

A tool is provided to generate the encryption key: <node dir>/bin/generate-encryption-key.bat (Windows) or <node dir>/bin/ (Linux).


How to encrypt values in

Encrypt a value

A tool is provided to convert a clear value to an encrypted value: <node dir>/bin/encrypt-value.bat (Windows) or <node dir>/bin/ (Linux).


An encryption key is mandatory to encrypt values:

  • if there is no encryption key, you can't encrypt a value; the script stops the process.

The script prompts you to type a value and outputs the encrypted content:

Encrypted value format

Usage in

In messaging-server/, replace the value with the previously generated data. Example:

  • from unencrypted data
  • to encrypted data


  • no tool is provided to decrypt encrypted data
  • do not combine encrypted and non-encrypted content:
Incorrect usage
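
An added example, not part of the product or its documentation: a Python audit for a properties file that flags clear-text secrets, values that mix the ${encrypted:...} token with other text, and payloads that cannot be AES/CBC output. The key-name pattern, every sample key except ssl.key.password, and the reading of the payload as Base64 ciphertext (optionally preceded by the IV) are assumptions.

```python
import base64
import re

ENC = re.compile(r"\$\{encrypted:([^}]*)\}")  # reserved wrapper from the page
AES_BLOCK = 16  # AES block size in bytes (128 bits)
SENSITIVE = re.compile(r"password|secret", re.I)  # assumption: secret-bearing key names

# Constructed sample; every key except ssl.key.password is hypothetical.
SAMPLE = """\
ssl.key.password=myP@ssword
ssl.key.password=${encrypted:/Jny9NNfptGitSbr0yX+TvkRlHe5rUchC8+cvWnJUxY=}
db.url=jdbc://${encrypted:/Jny9NNfptGitSbr0yX+TvkRlHe5rUchC8+cvWnJUxY=}/x
store.password=${encrypted:not-base64!}
server.port=8443
"""


def classify(value):
    """Return 'clear', 'encrypted', 'composed' or 'malformed' for one value."""
    matches = list(ENC.finditer(value))
    if not matches:
        # An opened but unclosed reserved prefix is malformed, not clear text.
        return "malformed" if "${encrypted:" in value else "clear"
    if len(matches) > 1 or matches[0].group(0) != value:
        return "composed"  # encrypted token mixed with other text
    try:
        raw = base64.b64decode(matches[0].group(1), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "malformed"
    # Assumption: the payload is CBC ciphertext, with or without a 16-byte IV
    # in front, so its length is a non-zero multiple of the block size.
    return "encrypted" if raw and len(raw) % AES_BLOCK == 0 else "malformed"


def audit(text):
    """Return (line_no, key, finding) for each line that needs attention."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        kind = classify(value)
        if kind == "clear" and SENSITIVE.search(key):
            kind = "clear-text secret"
        if kind not in ("clear", "encrypted"):
            findings.append((no, key, kind))
    return findings
```

Calling audit(SAMPLE) reports lines 1, 3 and 4 of the constructed sample; the check only inspects the format and never needs the encryption key.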
