Password Encryption doc updates needed for better clarity on impact/changes #8242
Description
Doc#1
Document: Password encryption limitations
http://openliberty.io/docs/latest/password-encryption.html
Please describe the problem you are having with the documentation. Is information missing, inaccurate, or unclear? Tell us about the context where you encountered the problem so we can understand how to address it.
We need to add the following info:
"Starting from 26.0.0.3 the securityUtility encode --encoding=aes command will not use a default encryption key. It will now require one of the following arguments to be specified: --key, --base64Key, --aesConfigFile, or --keyring. Previous versions allowed AES encoding to be used without specifying a key by using a default value."
This could be added as a new paragraph after "...AES-128 for compatibility with server versions before 25.0.0.2"
In the encryption_key_protection section, where we list the two different variable settings, we could say
For example, /protected/key.xml could contain
<variable name="wlp.aes.encryption.key" value="<your_aes_key>" />
or
<variable name="wlp.password.encryption.key" value="yourKey" />
Doc#2
https://openliberty.io/docs/latest/reference/command/securityUtility-encode.html
- Add a paragraph before the "For more information about limits..." paragraph, for
"Starting from 26.0.0.3 the securityUtility encode --encoding=aes command will not use a default encryption key. It will now require one of the following arguments to be specified: --key, --base64Key, --aesConfigFile, or --keyring."
- Move the hash example to the top of the list, so all the AES examples are together.
- On the "use a configuration file that contains..." example,
3.a Add
For example, aesConfig.xml could contain
<variable name="wlp.aes.encryption.key" value="<your_aes_key>" />
or
<variable name="wlp.password.encryption.key" value="yourKey" />
To help connect the dots of what the XML file contents are.
3.b Update the Note that says "the configuration file must contain.." to say "The --aesConfigFile must contain" or "The aesConfig.xml must contain"
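
A pre-upgrade check for the change quoted in this issue, as an added example (not part of the issue or of Open Liberty): it scans a shell script for `securityUtility encode --encoding=aes` calls that name none of `--key`, `--base64Key`, `--aesConfigFile` or `--keyring`, which are the calls that relied on the default key. The sample script, its paths and its variable names are constructed, and the `--option=value` form is assumed.

```python
import shlex

# Key-source options listed in the issue; one is required with --encoding=aes.
KEY_OPTIONS = ("--key", "--base64Key", "--aesConfigFile", "--keyring")

# Constructed sample script; the paths and variable names are made up.
SAMPLE_SCRIPT = r'''#!/bin/sh
securityUtility encode --encoding=aes "$DB_PASSWORD"
/opt/wlp/bin/securityUtility encode --encoding=aes \
    --aesConfigFile=/protected/key.xml "$DB_PASSWORD"
securityUtility encode --encoding=hash "$ADMIN_PASSWORD"
securityUtility encode --encoding=aes --key="$AES_KEY" "$DB_PASSWORD"
'''


def logical_lines(text):
    """Yield (first_line_number, command), joining backslash continuations."""
    buf, start = "", None
    for num, raw in enumerate(text.splitlines(), 1):
        start = num if start is None else start
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf


def find_keyless_aes_encodes(text):
    """Return [(line_number, command)] for AES encodes that name no key source."""
    findings = []
    for num, cmd in logical_lines(text):
        try:
            tokens = shlex.split(cmd, comments=True)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            tokens = cmd.split()
        runs_tool = any(t.rsplit("/", 1)[-1] == "securityUtility" for t in tokens)
        is_aes = "encode" in tokens and "--encoding=aes" in tokens
        has_key = any(t == o or t.startswith(o + "=") for t in tokens for o in KEY_OPTIONS)
        if runs_tool and is_aes and not has_key:
            findings.append((num, cmd.strip()))
    return findings


if __name__ == "__main__":
    for num, cmd in find_keyless_aes_encodes(SAMPLE_SCRIPT):
        print(f"line {num}: no key source for AES encode: {cmd}")
```

Values flagged by this check were encoded with the default key, so they need to be re-encoded with an explicit key rather than only having the command line fixed.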