What is the boot.properties file in WebLogic, and what is the encryption key used for password encryption?

A boot identity file contains the user credentials for starting and stopping an instance of WebLogic Server. This applies to every instance in the domain, the administration server as well as the managed servers.

The boot.properties file is the boot identity file; one exists per server instance in the WebLogic domain, and its credentials are stored encrypted.

Because the credentials are encrypted, using a boot identity file is more secure than storing plain text credentials in a startup or shutdown script. There can be a different boot identity file for each server in a domain.

Note: If you use Node Manager to start managed servers rather than running start scripts manually, you do not need to create boot identity files for them. Node Manager creates its own boot identity files and stores them under each server's directory in the data/nodemanager subdirectory.

Create the boot.properties file

Create a plain text file (not encrypted) called "boot.properties" with the following contents:

username=weblogic
password=passw0rd

This file must be created or saved under the "$DOMAIN_HOME/servers/SERVER_NAME/security" directory. The first time the server starts using a boot identity file, it encrypts the credentials in the file in place and uses them for subsequent starts.

The contents of boot.properties are encrypted with the AES 128-bit algorithm, using a secret key that was generated when the domain was created.

From 12.2.1.4 onwards, newly created domains use the AES 256-bit algorithm to encrypt sensitive information in the WebLogic domain, including boot.properties, data source passwords, and so on.
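The following POSIX shell script is an added example, not code from the original post or from Oracle. It carries out the procedure above: it writes boot.properties under $DOMAIN_HOME/servers/SERVER_NAME/security with permissions that keep the plaintext readable only by the WebLogic OS user, and it provides a check that tells you whether the server has already rewritten the file, which is the case once the username and password values carry WebLogic's {AES} prefix (or {AES256} in the 12.2.1.4 and later domains described above). The domain directory, server name and credentials used in the demo are constructed sample values; a temporary directory stands in for a real $DOMAIN_HOME.

```shell
#!/bin/sh
# Added example (not from the original post). Creates a boot identity file with
# owner-only permissions and checks whether WebLogic has encrypted it yet.

# create_boot_properties DIR USER PASSWORD
# Writes DIR/boot.properties as mode 0600 so only the WebLogic OS user can read
# the plaintext credentials before the server's first start rewrites them.
create_boot_properties() {
    dir="$1"; user="$2"; pass="$3"
    mkdir -p "$dir"
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$user" "$pass" > "$dir/boot.properties" )
}

# boot_properties_private FILE
# Returns 0 if FILE is owner read/write only (-rw-------), 1 otherwise.
boot_properties_private() {
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# boot_properties_encrypted FILE
# Returns 0 when every username/password value carries the {AES} or {AES256}
# prefix WebLogic writes after encrypting the file, 1 if plaintext remains.
boot_properties_encrypted() {
    file="$1"
    [ -f "$file" ] || return 1
    total=$(grep -Ec '^(username|password)=' "$file" || true)
    enc=$(grep -Ec '^(username|password)=\{AES(256)?\}' "$file" || true)
    [ "$total" -gt 0 ] && [ "$enc" -eq "$total" ]
}

# Demo with constructed values: a temp dir stands in for the real domain home.
DOMAIN_HOME=$(mktemp -d)
SERVER_NAME=AdminServer
SEC_DIR="$DOMAIN_HOME/servers/$SERVER_NAME/security"
create_boot_properties "$SEC_DIR" weblogic passw0rd
if boot_properties_encrypted "$SEC_DIR/boot.properties"; then
    echo "boot.properties is already encrypted"
else
    echo "boot.properties still holds plaintext: start the server once so it rewrites the file"
fi
```

Run the check against a live domain after the first start; if it still reports plaintext, the server never read the file, which usually means it was placed in the wrong security directory.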

When creating a new domain, the WebLogic Configuration Wizard randomly generates a cipher key (the domain's encryption key) and stores it in a file called SerializedSystemIni.dat. This file holds the master encryption key for the domain. It is tied to that specific WebLogic domain and cannot be moved from one domain to another. Sensitive configuration data, including items such as JDBC passwords, is encrypted with the master encryption key. The encrypted data is kept in config.xml, or in the security metadata/policy store in the embedded LDAP (an RDBMS is used instead if one is configured). If the SerializedSystemIni.dat file is destroyed or corrupted, you must reconfigure the WebLogic domain.
