This feature allows all OSGi configuration properties to be stored in a protected encrypted form instead of clear text. The form in the Web Console UI is used to create encrypted text from clear text using the system wide encryption master key.
OSGi Configuration Plugin support was added in order to decrypt the property before it is used by a service.
Services that expect an encrypted value need to use the IsProtected check to see if the value is encrypted before trying to decrypt it, as it may already have been decrypted.
These steps show how to encrypt the SMTP password for the Mail service. You can complete these steps for an OSGI property you want encrypted.
Go to the AEM Web Console at https://<serveraddress>:<serverport>/system/console/configMgr
In the upper left corner, go to Main - Crypto Support
The Adobe Experience Manager Web Console Crypto Support page is displayed.
In the Plain Text field, enter the text of the sensitive data you want to protect.
Select Protect. The Protected text is displayed as encrypted text.
Copy the Protected Text from Step#5 and paste it into OSGI Form value. In this example, the ecrypted SMTP password is added to the Day CQ Mail Service.
Save the Day CQ Mail Service properties. The SMTP password will now be sent as an encrypted value.
AEM now provides a Configuration Plugin to decrypt configuration properties. This AEM Plugin will automatically decrypt and retrieve the clear text properties.