- Article History
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on
12-05-2017
01:54 PM
- edited on
01-09-2023
09:28 AM
by
Claudia.Landiva
Configuring extensions for password encryption
Most of our extensions support password encryption. To use this service, please follow these steps exactly as specified.
NOTE | Once done, you will have to uncomment the encryptionKey
and encryptedPassword
and update them with the ones that you generate in the config.yml file.
When you complete these steps, your extension will be ready for password encryption.
Contents
STEP 1. How do I generate the encrypted password?
In this case, we will take Cassandra Monitoring Extension as an example.
- Navigate to your Machine Agent installation folder, then head to the “monitors” folder.
- Now enter your Extension folder, or in our case, “
CassandraMonitor
” and copy the name of the jar file (here, “cassandra-monitoring-extension.jar
”) - Open your terminal and navigate to the CassandraMonitor folder.
- In the folder within terminal, make sure the jar file is present (i.e.,
cassandra-monitoring-extension.jar
). - Once you’ve verified all the details, run the following command. This command will give you your encrypted password.
java -cp "cassandra-monitoring-extension.jar" com.appdynamics.extensions.crypto.Encryptor myKey myPassword
The “myKey” in the command can be any random key that you'd like to use to encrypt the password. The “myPassword” is the plaintext password that you normally use to log in to your product. This is the password that you are trying to encrypt.
NOTE | If you have special characters in your plaintext password or your encryption key, you need to escape the special characters with a backslash (\) in the above command.
For example, if the plaintext password is myPa$$word
, the encryption command should look like this:java -cp "cassandra-monitoring-extension.jar" com.appdynamics.extensions.crypto.Encryptor myKey myPa\$\$word
- Once you run the command, here is how the encrypted password will be generated:
The value under “
Encrypted String
” above corresponds to your encrypted password.
- Save the values for your
encryptionKey
andEncrypted String
in a text editor so that you don’t lose them.
STEP 2. Configuring config.yml with the encrypted password:
- In the
config.yml
of the extension, insert theencryptionKey
andEncrypted String
. - The value for
encryptionKey
field is the random encryption key that was used in the command. For example, in the example above we usedmyKey
as the encryption key.
The value of encryptedPassword
is the result of the above command.
Once you complete all the steps in this article, your extension will be ready to use the newly generated encrypted password.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hello,
I see that the tags include 4.3, 4.4 and 4.5. Can anyone confirm if password encryption is compatible with the 4.2.15.9 machine agent?
Todd
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Todd,
This does work with older versions of the Machine Agent as well.
Thanks,
Bhuvnesh
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hahaha not sure how I missed it - perhaps it wansn't in the particular extension doc before (it is now) but found the clues in the source code of ext :)
So I assume this applies to all "AppDynamics supported" extensions?
Do you have plans to make implementation of encryption mandatory for "vendor supported" as well?
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Konrad,
As of now, we don't have any plans to enforce encryption. But yes, since it is going to be part of our library, vendors can always use it.
Thanks
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
What do you do with the regular password field (where we provide clear text password)?
Do we comment/remove it from config.yml file or set it to empty/null/""
password: ""
or
remove it altogether.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Manoj,
You can just comment it out if you have the encryptedPassword defined.
Thanks
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
If someone faces the error below when encrypting,
Caused by: java.lang.ClassNotFoundException: sun.misc.BASE64Encoder
Please use JRE bundled with the machine agent.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Is there a documented procedure for
Please use JRE bundled with the machine agent.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
No, but it just means instead of using JRE installed on the machine,
~/Desktop/MA/monitors/KafkaMonitor$ java -cp "kafka-monitoring-extension.jar" com.appdynamics.extensions.crypto.Encryptor myKey mypass
Exception in thread "main" java.lang.NoClassDefFoundError: sun/misc/BASE64Encoder
at com.appdynamics.extensions.crypto.Encryptor.encrypt(Encryptor.java:44)
at com.appdynamics.extensions.crypto.Encryptor.main(Encryptor.java:65)
Caused by: java.lang.ClassNotFoundException: sun.misc.BASE64Encoder
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
... 2 more
using bundled JRE
~/Desktop/MA/monitors/KafkaMonitor$ ../../jre/bin/java -cp "kafka-monitoring-extension.jar" com.appdynamics.extensions.crypto.Encryptor myKey mypass
****************************Encrypted Text**************************
...
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks for expanding the conversation, @Barry.Harwood and @Yusuke.Miyahara! Your contribution makes a difference.
Claudia Landivar
Community Manager & Editor
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
If I had multiple encrypted passwords to add, what would the encryption key syntax look like assuming I would need multiple keys in the config file.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi Jared,
If you are configuring something like above, extension will use same "encryptionKey" to decrypt the encrypted passwords. So you will have to encrypt all the passwords with same key too.
Regards,
Satish
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thank you Satish, very helpful. My problem is sorted.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi I am using the configuration as mentioned in attached screenshot. It was working fine with plain text password however when we converted it to encrypted password, account is locked out. Need to find out the root cause what is causing the configuration to fail.
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Hi @Kamal.Manchanda ,
According to the config file of the SQLMonitor extension, it expects "encryptionKey" outside of "connectionProperties". In your configuration it is inside "connectionProperties". Can you please make this change and try.
dbServers:
- displayName: "Instance1"
connectionUrl: ""
driver: ""
connectionProperties:
user: ""
password: ""
encryptedPassword: ""
encryptionKey: ""
Regards
Satish
- Mark as Read
- Mark as New
- Bookmark
- Permalink
- Report Inappropriate Content
Thanks for prompt help @Satish.Muddam It helped hinting to root cause. I used the below mentioned config.yml from @Bhuvnesh.Kumar using encryptionKey: "abcd" at the end.
dbServers:
- displayName: "Instance1"
connectionUrl: ""
driver: ""
connectionProperties:
user: ""
password: ""
encryptedPassword: "" #Needs to be used in conjunction with `encryptionKey`. Please read the extension documentation to generate encrypted password. https://community.appdynamics.com/t5/Knowledge-Base/How-do-I-use-Password-Encryption-with-Extensions...
queries:
- displayName: "Active Events"
queryStmt: "Select NODE_NAME, EVENT_CODE, EVENT_ID, EVENT_POSTED_COUNT from Active_events"
columns:
- name: "NODE_NAME"
type: "metricPathName"
- name: "EVENT_ID"
type: "metricPathName"
- name: "EVENT_CODE"
type: "metricValue"
- name: "EVENT_POSTED_COUNT"
type: "metricValue"
- displayName: "TRANSACTION DATABASE"
queryStmt: "SELECT TARGET_BOX, REACH_DURATION, ROUTER_DURATION FROM ASG_TRANSACTIONS WHERE TARGET_BOX IN ('target1','target2','target3','target4','target5')"
columns:
- name: "TARGET_BOX"
type: "metricPathName"
- name: "REACH_DURATION"
type: "metricValue"
- name: "ROUTER_DURATION"
type: "metricValue"
- displayName: "Node Status"
queryStmt: "Select NODE_NAME, NODE_STATE from NODE_STATES"
columns:
- name: "NODE_NAME"
type: "metricPathName"
- name: "NODE_STATE"
type: "metricValue"
properties:
convert:
"INITIALIZING" : 0
"UP" : 1
"DOWN" : 2
"READY" : 3
"UNSAFE" : 4
"SHUTDOWN" : 5
"RECOVERING" : 6
# Replaces characters in metric name with the specified characters.
# "replace" takes any regular expression
# "replaceWith" takes the string to replace the matched characters
metricCharacterReplacer:
- replace: "%"
replaceWith: ""
- replace: ","
replaceWith: "-"
numberOfThreads: 5
#Run it as a scheduled task instead of running every minute.
#Configure it. refer: https://community.appdynamics.com/t5/Knowledge-Base/Task-Schedule-for-Extensions/ta-p/35414#Configur...
#taskSchedule:
#numberOfThreads: 1
#taskDelaySeconds: 120
controllerInfo:
controllerHost: "controller"
controllerPort: 8090
account: "customer1"
username: "admin"
password: "admin"
encryptedPassword: ""
controllerSslEnabled: false
enableOrchestration: false
uniqueHostId: ""
accountAccessKey: ""
machinePath: ""
simEnabled: true
applicationName: ""
tierName: ""
nodeName: ""
encryptionKey: "abcd"