Encrypting clear text parameters and passwords - Cloud - 8.0

Talend ESB Container Administration Guide

Talend Cloud
Talend Data Fabric
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Talend ESB
Talend Runtime
Administration and Monitoring
Design and Development
Installation and Upgrade
Last publication date

About this task

The Talend ESB Runtime provides a utility to enable you to encrypt your desired clear text parameters and passwords. You can there after use the encrypted values in your configuration and property files.

Follow these steps to use this utility:


  1. Set the environment variable TESB_ENV_PASSWORD in esb/container/bin/setenv.bat as follows:
    Where pwd can be anything you specified.
    This is the master password used by the container to encrypt all the desired parameters and passwords.
  2. Start the Talend Runtime Container.
  3. Install the tesb-encryptor-command feature in the container:
    karaf@trun()>feature:install tesb-encryptor-command
  4. Get an encrypted string for 'tadmin' for example by entering the following command in the container:
    karaf@trun()> tesb:encrypt-text tadmin
    You will get the following result:
    In case the password is not specified, it will be taken from the system environment variable TESB_ENV_PASSWORD. This helper uses PBEWITHSHA256AND256BITAES-CBC-BC hardcoded algorithm.
    Note that to use passwords encrypted by the tesb-encryptor-command feature in Data Services and Routes, you need to store the encrypted password in a context variable and specify the context variable in the password field of tESBConsumer, tRESTClient, cSOAP or cREST component, then deploy the service via Talend Administration Center and overwrite the context variable with the encrypted value. This is the only way encryption of passwords in Data Services and Routes works.
    Encryption algorithm can be configured by setting the environment variable TESB_ENV_ALGORITHM in esb/container/bin/setenv.bat as follows:
    Warning: All versions of Java from 1.8.0_161 enable the unlimited strength policy files by default, see https://www.oracle.com/technetwork/java/javase/8u161-relnotes-4021379.html for more information. If JCE security extensions are missing from JRE/JDK installation, you may face the error message, "Error executing command: java.lang.SecurityException: JCE cannot authenticate the provider BC". Those extensions are typically not installed by default because of the US export restrictions placed on "strong cryptography". Download them at http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html for Java 8 or http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html for Java 7.