Initialize the Secure Credential Store
Before you can encrypt or obfuscate passwords, you must run the Secure Credential Store utility to create the keystore for your secret encryption key. The agent distribution includes the Secure Credential Store utility in the following locations:
- Java Agent:
<javaagent_home>/verX.X.X.X/utils/scs/scs-tool.jar
- Machine Agent:
<machine_agent_home>/lib/secure-credential-store-tool-1.3.23.jar
- Database Agent:
<database_agent_home>/lib/scs-tool.jar
- Analytics Agent:
<analytics_agent_home>/bin/tool/scs-tool.jar
Run the Secure Credential Store utility generate_ks command with the following parameters:
- filename: Absolute path where the utility will create the secure credential keystore. Use this path for <credential-store-filename> in agent configuration.
- storepass: The secure credential keystore password. Use the obfuscated version of this password as the value for <credential-store-password> in agent configuration.
- format (For FIPS-compliant users only): The format of the secure credential keystore.
/<full path to application JRE>/bin/java -jar ./scs-tool.jar generate_ks -filename '/opt/appdynamics/secretKeyStore' -storepass 'MyCredentialStorePassword'
Example for FIPS-Compliant Users
/<full path to application JRE>/bin/java -jar ./scs-tool.jar generate_ks -filename '/opt/appdynamics/secretKeyStore' -storepass 'MyCredentialStorePassword' -format 'FIPS'
The Secure Credential Store utility confirms it created and initialized the keystore:
Successfully created and initialized new KeyStore file: /opt/appdynamics/secretKeyStore
Verification - New KeyStore file: /opt/appdynamics/secretKeyStore is properly initialized.
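The following wrapper is an added example, not part of the vendor documentation or tool: it runs generate_ks with the password read from a no-echo prompt, creates the keystore owner-only, and checks for both confirmation lines shown above. JAVA_BIN, SCS_JAR and the function names are assumptions; the refusal to overwrite an existing file is a wrapper policy.

```shell
#!/bin/sh
# Added example (not vendor code): wrapper around the generate_ks command above.
# JAVA_BIN and SCS_JAR are assumed names; point them at your JRE and scs-tool.jar.
JAVA_BIN="${JAVA_BIN:-java}"
SCS_JAR="${SCS_JAR:-./scs-tool.jar}"

# create_keystore <absolute-keystore-path> <storepass> [FIPS]
# Succeeds only if the utility prints both confirmation lines shown above
# and the keystore file ends up readable and writable by its owner alone.
# The body runs in a subshell, so umask and variables do not leak to the caller.
create_keystore() (
    ks="$1"; pass="$2"; fmt="${3:-}"
    case "$ks" in
        /*) ;;
        *) echo "keystore path must be absolute: $ks" >&2; exit 2 ;;
    esac
    # Wrapper policy (not documented tool behaviour): never reuse an existing path.
    if [ -e "$ks" ]; then
        echo "refusing to overwrite existing file: $ks" >&2; exit 3
    fi
    umask 077   # files created from here on are owner-only
    # Note: -storepass is still visible in the process list while java runs.
    if [ -n "$fmt" ]; then
        out=$("$JAVA_BIN" -jar "$SCS_JAR" generate_ks -filename "$ks" \
              -storepass "$pass" -format "$fmt" 2>&1) || { echo "$out" >&2; exit 4; }
    else
        out=$("$JAVA_BIN" -jar "$SCS_JAR" generate_ks -filename "$ks" \
              -storepass "$pass" 2>&1) || { echo "$out" >&2; exit 4; }
    fi
    for want in "Successfully created and initialized new KeyStore file: $ks" \
                "New KeyStore file: $ks is properly initialized."; do
        printf '%s\n' "$out" | grep -qF -- "$want" || {
            echo "missing confirmation: $want" >&2; exit 5; }
    done
    chmod 600 "$ks"
)

# Interactive entry point: read the password without echo, so it is never
# typed on a command line that the shell saves to its history file.
prompt_and_create() {
    printf 'Keystore password: ' >&2
    stty -echo; IFS= read -r pass; stty echo; echo >&2
    rc=0; create_keystore "$1" "$pass" "${2:-}" || rc=$?
    unset pass; return "$rc"
}
```

Source the file and call prompt_and_create '/opt/appdynamics/secretKeyStore' (add FIPS as a second argument for the FIPS format).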
Encrypt Passwords
To encrypt passwords using the Secure Credential Store utility, run the encrypt command with the following parameters:
- filename: Absolute path to the secure credential keystore file.
- storepass: Password for the secure credential keystore. You can use either a plain-text password or a password that has been obfuscated as described in the following section.
- plaintext: Any plain text to encrypt. For instance, an account access key or password.
The following example uses a plain-text password (the storepass argument) for the secure credential keystore:
/<full path to application JRE>/bin/java -jar ./scs-tool.jar encrypt -filename '/opt/appdynamics/secretKeyStore' -storepass 'MyCredentialStorePassword' -plaintext 'MyAccessKeyOrPassword'
The same example uses an obfuscated password:
/<full path to application JRE>/bin/java -jar ./scs-tool.jar encrypt -filename '/opt/appdynamics/secretKeyStore' -storepass 's_gsnwR6+LDch8JBf1RamiBoWfMvjjipkrtJMZXAYEkw8=' -plaintext 'MyAccessKeyOrPassword'
The Secure Credential Store utility writes out an encrypted password for use in agent configuration files:
r9iDWPzHRCNDM1B6KTag4A/cA5B4pouVPkv48ovRm6c=