Encryption Support for Configuration Properties
This feature allows all OSGi configuration properties to be stored in a protected encrypted form instead of clear text. The form in the Web Console UI is used to create encrypted text from clear text using the system wide encryption master key.
OSGi Configuration Plugin support was added in order to decrypt the property before it is used by a service.
Services that expect an encrypted value need to use the IsProtected check to see if the value is encrypted before trying to decrypt it, as it may already have been decrypted.
Enabling Encryption Support
These steps show how to encrypt the SMTP password for the Mail service. You can complete these steps for an OSGI property you want encrypted.
- Go to the AEM Web Console at https://<serveraddress>:<serverport>/system/console/configMgr
- In the upper left corner, go to Main - Crypto Support
- The Adobe Experience Manager Web Console Crypto Support page is displayed.
- In the Plain Text field, enter the text of the sensitive data you want to protect.
- Select Protect . The Protected text is displayed as encrypted text.
- Copy the Protected Text from Step#5 and paste it into OSGI Form value. In this example, the ecrypted SMTP password is added to the Day CQ Mail Service .
- Save the Day CQ Mail Service properties. The SMTP password will now be sent as an encrypted value.
AEM now provides a Configuration Plugin to decrypt configuration properties. This AEM Plugin will automatically decrypt and retrieve the clear text properties.