Table of Contents

Search

  1. Preface
  2. Command Line Programs and Utilities
  3. Installing and Configuring Command Line Utilities
  4. Using the Command Line Programs
  5. Environment Variables for Command Line Programs
  6. Using infacmd
  7. infacmd as Command Reference
  8. infacmd aud Command Reference
  9. infacmd autotune Command Reference
  10. Infacmd bg Command Reference
  11. infacmd ccps Command Reference
  12. infacmd cluster Command Reference
  13. infacmd cms Command Reference
  14. infacmd dis Command Reference
  15. Infacmd dis Queries
  16. infacmd dp Command Reference
  17. infacmd idp Command Reference
  18. infacmd edp Command Reference
  19. Infacmd es Command Reference
  20. infacmd ics Command Reference
  21. infacmd ipc Command Reference
  22. infacmd isp Command Reference
  23. infacmd ldm Command Reference
  24. infacmd mas Command Reference
  25. infacmd mi Command Reference
  26. infacmd mrs Command Reference
  27. infacmd ms Command Reference
  28. infacmd oie Command Reference
  29. infacmd ps Command Reference
  30. infacmd pwx Command Reference
  31. infacmd roh Command Reference
  32. infacmd rms Command Reference
  33. infacmd rtm Command Reference
  34. infacmd sch Command Reference
  35. infacmd search Command Reference
  36. infacmd sql Command Reference
  37. infacmd tdm Command Reference
  38. infacmd tools Command Reference
  39. infacmd wfs Command Reference
  40. infacmd ws Command Reference
  41. infacmd xrf Command Reference
  42. infacmd Control Files
  43. infasetup Command Reference
  44. pmcmd Command Reference
  45. pmrep Command Reference
  46. Working with filemanager
  47. Working with pmrep Files

Encrypting Passwords

Encrypting Passwords

You can encrypt passwords to create an environment variable to use with infacmd, infasetup, pmcmd, and pmrep or to define a password in a parameter file.
For example, you can encrypt the repository and database passwords for pmrep to maintain security when using pmrep in scripts. Then you can create an environment variable to store the encrypted password. Or, you can define a password for a relational database connection object in a parameter file.
Use the command line program pmpasswd to encrypt passwords.
The pmpasswd utility uses a AES/CBC/PKCS5 padding cipher and generates a base64 encoded and AES 128-bit or AES 256-bit encrypted password.
The pmpasswd utility installs in the following directory:
<InformaticaInstallationDir>/server/bin
The pmpasswd utility uses the following syntax:
pmpasswd <password> [-e (CRYPT_DATA | CRYPT_SYSTEM)]
The following table describes pmpasswd options and arguments:
Option
Argument
Description
-
password
Required. The password to encrypt.
-e
CRYPT_DATA,
CRYPT_SYSTEM
Optional. Encryption type:
  • CRYPT_DATA. Use to encrypt connection object passwords that you define in a parameter file.
  • CRYPT_SYSTEM. Use for all other passwords.
Default is CRYPT_SYSTEM.
By default, the pmpasswd utility generates AES 128-bit encrypted password. You can set the environment variable
INFA_USE_AES_256_CRYPTOGRAPHER
to
true
to enable AES 256-bit encryption for enhanced password security. In single node domain or multinode domain, ensure to shutdown the domain before setting or removing the environment variable.
When you enable the AES 256-bit encryption, the previously stored sensitive data in the environment variables does not work. You must encrypt such previously stored sensitive data again and reset the data in the environment variables after enabling AES 256-bit encryption. However, the license keys remain encrypted with AES 128-bit even if you enable AES 256-bit.
After you choose either AES 128-bit or AES 256-bit encryption, you must use the same encryption mechanism while performing a backup and restore or export and import operation. For example, if you back up a domain or repository using the AES 128-bit mechanism, you must restore the domain or repository using the same 128-bit encryption mechanism. Domain restore fails if AES 256-bit encryption is enabled for domain backup and not enabled during domain restore. In such a case, clean up the database, enable 256-bit encryption and restore the domain again.
Similarly, if you export a domain or repository using the AES 128-bit mechanism, you must import the domain or repository using the same 128-bit encryption mechanism.