1e1836354b
Fixed the documentation on the arguments to maxkeys, which is a directory, and added a short paragraph about alternative key file locations. Also documented that keys are read from the directory where the `datadir` parameter points to.
46 lines
1.4 KiB
Markdown
46 lines
1.4 KiB
Markdown
# Encrypting Passwords
|
|
|
|
There are two options for representing the password, either plain text or
|
|
encrypted passwords may be used. In order to use encrypted passwords a set of
|
|
keys must be generated that will be used by the encryption and decryption
|
|
process. To generate the keys, use the `maxkeys` command.
|
|
|
|
```
|
|
maxkeys
|
|
```
|
|
|
|
By default the key file will be generated in `/var/lib/maxscale`. If a different
|
|
directory is required, it can be given as the first argument to the program. For
|
|
more information, see `maxkeys --help`.
|
|
|
|
Once the keys have been created the `maxpasswd` command can be used to generate
|
|
the encrypted password.
|
|
|
|
```
|
|
maxpasswd plainpassword
|
|
96F99AA1315BDC3604B006F427DD9484
|
|
```
|
|
|
|
The username and password, either encrypted or plain text, are stored in the
|
|
service section using the `user` and `password` parameters.
|
|
|
|
If a custom location was used for the key file, give it as the first argument to
|
|
`maxpasswd` and pass the password to be encrypted as the second argument. For
|
|
more information, see `maxkeys --help`.
|
|
|
|
Here is an example configuration that uses an encrypted password.
|
|
|
|
```
|
|
[My-Service]
|
|
type=service
|
|
router=readconnroute
|
|
router_options=master
|
|
servers=dbserv1, dbserv2, dbserv3
|
|
user=maxscale
|
|
password=96F99AA1315BDC3604B006F427DD9484
|
|
```
|
|
|
|
If the key file is not in the default location, the
|
|
[`datadir`](../Getting-Started/Configuration-Guide.md#datadir) parameter must be
|
|
set to the directory that contains it.
|