There are several passwords stored in the Message Broker configuration file. In order to improve security these passwords can be kept in an encrypted form. The encryption’s method depends on the Message Broker version:
For the message brokers version < 4.0 passwords can be encrypted using
...
E4C
...
Cloud
...
Manager.
...
For the message brokers version >= 4.0 passwords can be encrypted using Message Broker itself or, if configuration is generated using Message Broker Configuration File Generator and ERP system supports required encryption methods, encryption is done automatically .
Encryption using E4C Cloud Manager
With Cloud Manager three passwords can be encrypted:
SAP user
Message Broker user
Proxy
...
Run E4C Cloud Manager and switch to "Password" tab. Enter the access token and the password to encrypt
...
and then press the "Encrypt Password" button
...
. Encrypted password will be displayed in the “Encrypted Password” field below. The access token is used as an encryption key therefor it is important to use a valid one otherwise Message Broker will not be able to decrypt the passwords.
...
The encrypted Password must be entered in an applicable section of the message broker configuration file as the property "passwordSecure".
Encryption using Message Broker
| Status | ||||
|---|---|---|---|---|
|
| Panel | ||||||
|---|---|---|---|---|---|---|
| ||||||
Passwords encrypted using E4C Cloud Manager will not be valid anymore in message broker using client id as its encryption key |
Beginning with Message Broker 4.0 the encryption is covered by the message broker executable file. And due to lack of token a client id will be used as an encryption key from now on. In order to encrypt a password using message broker it must be run in a command line with one of the following switches (they all do work in the same way both in linux and windows environment): -e, /e, --encrypt, /encrypt. This will enable ‘encryption mode’ of message broker - program will ask first for a client Id, then for a password and then it will return it in encrypted form as in the example presented below:
...
The encrypted Password must be entered in an applicable section of the message broker configuration file
...
...
as the property "passwordSecure".
Encryption using Message Broker Configuration File Generator
| Panel | ||||||
|---|---|---|---|---|---|---|
| ||||||
The encryption of passwords by Message Broker Configuration File Generator is only available in systems supporting required encryption methods |
In ERP systems that do not support required encryption methods, similarly to the layout of MessageBrokerSettings.yaml file user can enter password in an open text or using its encrypted form, encrypted previously using message broker. But in the systems which do support encryption ‘PasswordSecure’ in not available at all and only field ‘Password’ is. All passwords must be entered in their unencrypted form but then they will be encrypted by the program and use as such in a generated configuration file.