The Azkaban Scheduler tooling decrypts profile values, such as connection passwords, at runtime using an encryption library. Profile values entered into the "redadmin"."ws_scheduler_profile" metadata table must therefore first be encrypted with the same library, using a predictable salt (normally the lowercased connection name) and a profile encryption password. The encryption-util.jar is provided for this purpose and can be run from the command line to generate profile entries and Azkaban config file entries (for DPAPI on Windows) programmatically.

It is important to use the correct Java version when running this tool, so the provided '.\jre\bin\java.exe' from within the RED install directory should be used.

The encryption-util.jar is available in the 'Standalone' folder within your RED installation directory, so the following commands use relative paths and are meant to be run from within the WhereScape RED installation directory.

Encryption: .\jre\bin\java -jar .\Standalone\encryption-util.jar encrypt --encryption-type <string> --salt <string> --secret <string> --string-to-be-encrypted <string>

  • output: A Base64 encoded encrypted string.

Encrypt arguments:

  • --encryption-type: Required. The type of encryption to use. Supported encryption types are WSENC and DPAPI.
  • --salt: The salt used to encrypt the provided string. Azkaban expects the salt to be the lowercased connection name when using WSENC. Required for WSENC encryption. Omitted for DPAPI encryption.
  • --secret: A secret used along with the salt to encrypt the provided string. Required for WSENC encryption. Omitted for DPAPI encryption.
  • --string-to-be-encrypted: The string to be encrypted using the selected encryption-type. Required when encrypting.


Decryption: .\jre\bin\java -jar .\Standalone\encryption-util.jar decrypt --decryption-type <string> --salt <string> --secret <string> --string-to-be-decrypted <string>

  • output: A plain text string after decryption.

Decrypt arguments:

  • --decryption-type: Required. The type of encryption to be used for decryption. Supported encryption types are WSENC and DPAPI.
  • --salt: The salt used to decrypt the provided string. Azkaban expects the salt to be the lowercased connection name when using WSENC. Required for WSENC encryption. Omitted for DPAPI encryption.
  • --secret: A secret used along with the salt to decrypt the provided string. Required for WSENC encryption. Omitted for DPAPI encryption.
  • --string-to-be-decrypted: The string to be decrypted using the selected decryption-type. Required when decrypting.


encryption-util supports environment variables, which should be set in the system and referenced using this pattern: WSENV~RED_META_SECRET~
This tells the app to look up the value in the environment variable RED_META_SECRET, so RED_META_SECRET must be set in the system's environment variables.
 

encryption-util can only decrypt WSENC passwords that are encrypted earlier by encryption-util itself.

DPAPI is supported only on Windows.
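
A wrapper for the WSENC workflow described above, as an added example rather than WhereScape's own code. It assumes the connection name Sales_DW (constructed), that the WSENV~RED_META_SECRET~ reference is accepted as the --secret value, and that the tool prints only the result string.

```powershell
# Added example, not part of the product. Run from the RED installation directory.
# Assumptions: 'Sales_DW' is a constructed connection name; WSENV~RED_META_SECRET~
# is accepted as the value of --secret; the tool prints only the result string.
$ErrorActionPreference = 'Stop'
$java = '.\jre\bin\java.exe'                 # bundled JRE, as the page requires
$jar  = '.\Standalone\encryption-util.jar'

function Protect-ProfileValue {
    param(
        [Parameter(Mandatory)] [string]       $ConnectionName,
        [Parameter(Mandatory)] [securestring] $Value
    )
    if (-not $env:RED_META_SECRET) {
        throw 'RED_META_SECRET is not set in the environment.'
    }
    # Azkaban expects the lowercased connection name as the WSENC salt.
    $salt      = $ConnectionName.ToLowerInvariant()
    # Reference the secret by name so its value is not typed on the command line.
    $secretRef = 'WSENV~RED_META_SECRET~'

    # The tool takes the value as an argument, so it must be plain text here.
    $plain = [System.Net.NetworkCredential]::new('', $Value).Password
    try {
        $enc = & $java -jar $jar encrypt --encryption-type WSENC `
            --salt $salt --secret $secretRef --string-to-be-encrypted $plain
        $enc = "$($enc | Select-Object -Last 1)".Trim()

        # The documented output is Base64; anything else is an error message.
        try { [void][Convert]::FromBase64String($enc) }
        catch { throw "encrypt did not return a Base64 string: $enc" }

        # Round-trip with the same salt and secret before storing the value.
        $dec = & $java -jar $jar decrypt --decryption-type WSENC `
            --salt $salt --secret $secretRef --string-to-be-decrypted $enc
        if ("$($dec | Select-Object -Last 1)".Trim() -cne $plain) {
            throw "Round-trip check failed for salt '$salt'."
        }
        return $enc
    }
    finally { $plain = $null }
}

# Prompt without echoing; the returned string is the value for the profile entry.
$pw = Read-Host -Prompt 'Connection password' -AsSecureString
Protect-ProfileValue -ConnectionName 'Sales_DW' -Value $pw
```

The round-trip check catches a salt that was not lowercased the same way on both sides, which would otherwise only surface when Azkaban fails to decrypt the value at runtime.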


