xMatters: How to Encrypt Passwords in IA js Config Files

Posted by Travis DePuy  I  April 25, 13

Plain text passwords.... Usability vs security.... Often there are times when a password is needed to connect an xMatters instance to an external management system from the Integration Agent (IA). In the past, these were always stored in xml or js files in the integration services directory... in clear text. This made it great for verifying, viewing and updating the password in a development timeframe, but terrible in a real production environment because of the security concerns.

Techport Thirteen provides xMatters consulting services

Well, encrypting these passwords into a file is actually very easy. Just follow these steps:

  • In the js file that will actually do the decrypting, add this package:

importClass(Packages.com.alarmpoint.integrationagent.security.EncryptionUtils);

  • Add a variable pointing to the encrypted file:

var OMI_PASSWORD_FILE = "conf/hpomi.pwd";

  • Add this function somewhere in the js file:

/**
* Decrypts the password for the ServiceDeskUser used by the integration
* @param passwordFile file/path of the file containing the encrypted password
* @return decrypted password or an empty string if the password cannot be decrypted
*/


function getPassword(passwordFile)
{
   try
   {
       var encryptionUtils = new EncryptionUtils();
       var file = new File(passwordFile);
       return encryptionUtils.decrypt(file);
   }
   catch (e)
   {
       return "";
    }
}

  • Finally, encrypt the password using the iapassword.bat utility:

iapassword.bat --new "this is my new password" --file .\conf\newpass.pwd

You can see the syntax just by running the command with no parameters:

C:\Program Files (x86)\xMatters\integrationagent-5.0.6\bin>iapassword.bat

Usage: iapassword --new <new_password> [--old <old_password>] [--file </path/to/pwd/file>]

I encourage this for anytime there is a password that the xMatters IA needs to store. It is just this easy.

Tags:  xMatters