The Build Forge system uses encoded passwords by default
but can use encrypted passwords for additional security.
Password encryption, when enabled, uses a symmetric key scheme:
the same key must be used by both the client using a password and
the service that is accessed. Password encryption applies between
the following components:
- Build Forge engine and Build Forge agents
- Build Forge services layer and the database used by Build Forge
In the Build Forge system, keys are kept in a bfpwcrypt.conf file.
The file is located in the Build Forge installation directory (for
the engine) and in the agent installation directory (for the agent).
Password encryption uses symmetric keys. All systems that need
to decrypt a common database password need the same key. Also, all
agents that receive encrypted passwords from an engine need the engine's
key. If multiple engines are running (redundant configuration), the
agent needs each engine's key.
For a simple installation of one Build Forge Management Console
on one host and one agent on another host, enabling password encryption
requires the following procedure:
- Enable password encryption on the Build Forge console.
- Export the current key to a file. (This key is used by the agent
and would also be used by other engines.)
- Generate a new key for the agent. Export it to a file. (This key
is used by the agent to encrypt its keystore password.)
- Update the agent's bfpwcrypt.conf with both keys.
Put the new key last.
- In the Build Forge console, enable password encryption for all
server definitions that use the agent. (Servers panel)
- On the Build Forge host, use the bfpwencrypt utility to encrypt
the password that Build Forge uses to access the database. Replace
the current password (encoded) with the encrypted password in buildforge.conf.
- Update the service layer's copy of buildforge.conf.
See Build Forge configuration file (buildforge.conf).
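
The key-distribution rules above (an agent holds the key of every engine that sends it passwords, with its own key last) can be checked against an inventory before rollout. The following Python check is an added example, not IBM or Build Forge code; the host names, key labels, and inventory dictionaries are constructed, and it does not read the real bfpwcrypt.conf format.

```python
# Added example. Key labels stand in for real key material; this does not
# parse bfpwcrypt.conf, whose on-disk format is not described on this page.

# Constructed inventory: two redundant engines, two agents.
ENGINE_KEY = {"engine-1": "key-E1", "engine-2": "key-E2"}
ENGINES_FOR_AGENT = {"agent-a": ["engine-1", "engine-2"], "agent-b": ["engine-1"]}
AGENT_KEY = {"agent-a": "key-A", "agent-b": "key-B"}

# Constructed "observed" key order on each agent, as an operator recorded it.
INSTALLED = {"agent-a": ["key-E1", "key-A"], "agent-b": ["key-B", "key-E1"]}


def expected_keys(agent):
    """Keys an agent needs: each engine's key, then the agent's own key last."""
    keys = []
    for engine in ENGINES_FOR_AGENT[agent]:
        key = ENGINE_KEY[engine]
        if key not in keys:
            keys.append(key)
    return keys + [AGENT_KEY[agent]]


def audit(agent, installed):
    """Compare an agent's recorded key list with what the topology requires."""
    expected = expected_keys(agent)
    own = expected[-1]
    findings = [f"missing engine key {k}" for k in expected[:-1] if k not in installed]
    if own not in installed:
        findings.append(f"missing agent key {own}")
    elif installed[-1] != own:
        findings.append(f"agent key {own} is not last")
    findings += [f"key {k} not required by this topology"
                 for k in installed if k not in expected]
    return findings


if __name__ == "__main__":
    for name, keys in INSTALLED.items():
        for finding in audit(name, keys) or ["ok"]:
            print(f"{name}: {finding}")
```

With the constructed data, agent-a is flagged for the missing second engine key (the redundant-engine case) and agent-b for having its own key ahead of the engine key.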