How to encrypt data integration password-type properties?

By default, properties of type password are not encrypted when they are stored. They are only hidden from users in the user interface (the actual characters are replaced by asterisks).

To encrypt properties, configure your node with a key store and a cryptographic RSA key pair as described in Node settings > Encryption settings. On a primary/replica cluster, configure the primary node only. 

Once properly configured, the node automatically encrypts any new value for a password-type property. If your application already contains such properties, you must save them again to store them in encrypted form.

If you export an application containing password-type properties from a node with cryptographic capabilities, the export file contains the values in their encrypted form.

Such an export file can be imported on any other node, however:

  • If the target node is configured with a key store containing the same cryptographic RSA key pair, then it will be able to decrypt the encrypted passwords. Things will run smoothly.
  • If the target node is not configured with a key store, or does not contain the expected cryptographic key, then it will not be able to decrypt passwords.
    • Routes and connectors using the password properties will fail to start.
    • You will be prompted to enter new values for such properties.
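
A pre-import check for the situation described above, as an added example rather than product code: it compares the SHA-256 fingerprint of the RSA public key taken from the source node and from the target node. It assumes the certificate or public key of each node's key pair has been exported from its key store to a PEM file (the page does not describe an export procedure); the file and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not product code): check that two nodes use the same RSA key
# before importing an application export with encrypted password properties.
# Assumption: each node's certificate or public key was exported to a PEM file.
# A matching public key only helps if the target key store also holds the
# corresponding private key.

# Write the DER-encoded public key found in PEM file $1 to file $2.
# Accepts an X.509 certificate or a bare public key.
extract_pubkey_der() {
    openssl x509 -in "$1" -pubkey -noout 2>/dev/null |
        openssl pkey -pubin -outform DER -out "$2" 2>/dev/null && [ -s "$2" ] && return 0
    openssl pkey -pubin -in "$1" -outform DER -out "$2" 2>/dev/null
}

# Print the SHA-256 fingerprint of the public key in PEM file $1.
# Returns 2 when no key can be read, so two unreadable files never "match".
pubkey_fingerprint() {
    der=$(mktemp) || return 2
    rc=2
    if extract_pubkey_der "$1" "$der"; then
        openssl dgst -sha256 -r "$der" | cut -d' ' -f1
        rc=0
    fi
    rm -f "$der"
    return "$rc"
}

# Exit status: 0 = same key, 1 = different keys, 2 = unreadable input.
same_keypair() {
    src_fp=$(pubkey_fingerprint "$1") || return 2
    dst_fp=$(pubkey_fingerprint "$2") || return 2
    [ "$src_fp" = "$dst_fp" ]
}

# Usage: sh check_keys.sh source-node.pem target-node.pem
if [ "$#" -eq 2 ]; then
    if same_keypair "$1" "$2"; then
        echo "match: both nodes use the same RSA public key"
    else
        echo "mismatch or unreadable key: expect to re-enter password values after import"
    fi
fi
```

A mismatch before import means the target node falls into the second case in the list above.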
