About password security in Build Forge

The Build Forge system uses encoded passwords by default but can use encrypted passwords for additional security.

When password encryption is enabled, it is enabled as a symmetric key password scheme. The same key must be used by both the client using a password and the service that is accessed.

In the Build Forge system, keys are kept in a bfpwcrypt.conf file. The file is located in the installation directory of Build Forge (for the engine) and the agent.

Password encryption uses symmetric keys. All systems that need to decrypt a common database password need the same key. Also, all agents that receive encrypted passwords from an engine need the engine's key. If multiple engines are running (redundant configuration), the agent needs each engine's key.

For a simple installation of one Build Forge Management Console on one host and one agent on another host, enabling password encryption requires the following procedure:


Feedback