Encryption Support for Configuration Properties encryption-support-for-configuration-properties
Overview overview
This feature allows all OSGi configuration properties to be stored in a protected encrypted form instead of clear text. The form in the Web Console UI is used to create encrypted text from clear text using the system wide encryption master key.
OSGi Configuration Plugin support was added in order to decrypt the property before it is used by a service.
Enabling Encryption Support enabling-encryption-support
These steps show how to encrypt the SMTP password for the Mail service. You can complete these steps for an OSGI property you want encrypted.
-
Go to the AEM Web Console at https://<serveraddress>:<serverport>/system/console/configMgr
-
In the upper left corner, go to Main - Crypto Support
-
The Adobe Experience Manager Web Console Crypto Support page is displayed.
-
In the Plain Text field, enter the text of the sensitive data you want to protect.
-
Select Protect. The Protected text is displayed as encrypted text.
-
Copy the Protected Text from Step#5 and paste it into OSGI Form value. In this example, the ecrypted SMTP password is added to the Day CQ Mail Service.
-
Save the Day CQ Mail Service properties. The SMTP password will now be sent as an encrypted value.
Decryption Support decryption-support
AEM now provides a Configuration Plugin to decrypt configuration properties. This AEM Plugin will automatically decrypt and retrieve the clear text properties.