PhixFlow Help


  1. Install the latest version of Java 8.
    We recommend AdoptOpenJDK, which you can download from https://adoptopenjdk.net/. Select the options:
    • OpenJDK 8
    • HotSpot.
  2. If necessary, update the security settings to allow strong encryption and decryption of files.
  3. For Java 1.8.0_151 and later, set crypto.policy to unlimited for the JRE used by PhixFlow. To do this, open the java.security file in the JRE directory /lib/security.
    The crypto.policy line is commented out:

    # crypto.policy=unlimited

    Delete the # to uncomment the line:

    crypto.policy=unlimited

We strongly recommend that you use the latest version of Java.

For versions before Java 1.8.0_151, you must install the JCE Unlimited Strength Jurisdiction Policy files.

Java Keytool

Password encryption uses Java keytool and a new configuration file, phixflow-vault.xml.

To encrypt the passwords in phixflow-datasource.xml, follow the four steps below.

  1. Create a keystore using Java keytool by running the command:

keytool -importpass -alias <keyAlias> -keystore <keystoreFileName> -storetype PKCS12

  • -storetype: the value must be either PKCS12 or JCEKS.

  • -alias <keyAlias>: mandatory. The value can follow a format such as database-dev-build-user. Make a note of it, because it is used to fetch the secret key.

  • -keystore <keystoreFileName>: mandatory.


Run the keytool command twice.

First, to import the username into the keystore, e.g.

keytool -importpass -alias database-prod-build-user -keystore phixflowvault -storetype PKCS12


Keytool prompts "Enter Keystore password:". Enter the master password for the keystore. Keytool then asks you to re-enter it.

Keytool then prompts "Enter the password to be stored:". Enter the database username.


Second, to import the password into the keystore, e.g.

keytool -importpass -alias database-prod-build-password -keystore phixflowvault -storetype PKCS12


Keytool prompts "Enter Keystore password:". Enter the keystore master password that you set when importing the username.

Keytool then prompts "Enter the password to be stored:". Enter the database password for that user.



  2. Add an environment variable, with a name of your choice, whose value is the keystore password. (You can skip this step, but you must then specify the keystore master password in phixflow-vault.xml; see step 3.)

  3. Edit phixflow-vault.xml

The PhixFlow webapp must be configured with phixflow-vault.xml to use the encrypted database password in phixflow-datasource.xml.


Edit phixflow-vault.xml and add values for the following properties:

  • vaultType: the value given for the -storetype parameter when creating the keystore, either PKCS12 or JCEKS.

  • vaultUrl: the URL of the keystore file.

  • vaultKey: the name of the environment variable, if you set one up in step 2.

  • vaultPassword: if you did not set up an environment variable in step 2, provide the keystore master password directly here.

  4. Edit phixflow-datasource.xml


Make sure you have the latest phixflow-datasource.xml.

username: the <keyAlias> value given when running keytool for the username in the steps above, e.g. database-prod-build-user

password: the <keyAlias> value given when running keytool for the password in the steps above, e.g. database-prod-build-password
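
A check to run once the keystore has been created, given here as an added example that is not part of the PhixFlow documentation: it confirms that both aliases are stored in the keystore as secret entries before you reference them in phixflow-datasource.xml. The environment variable name PHIXFLOW_VAULT_KEY, the STORETYPE variable, the script name and the function names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not PhixFlow code. PHIXFLOW_VAULT_KEY is a hypothetical
# environment variable name (step 2 lets you choose any name).

# Constructed sample of `keytool -list` output, for trying the check offline.
SAMPLE_LISTING='Keystore type: PKCS12
Keystore provider: SunJSSE

Your keystore contains 3 entries

database-prod-build-password, Mar 12, 2021, SecretKeyEntry,
database-prod-build-user, Mar 12, 2021, SecretKeyEntry,
some-ca, Mar 12, 2021, trustedCertEntry,'

# Print every required alias that is NOT present as a SecretKeyEntry.
# usage: missing_aliases "<keytool -list output>" <alias>...
missing_aliases() {
  _listing=$1; shift
  for _alias in "$@"; do
    # The alias is the text before the first ", " on an entry line.
    printf '%s\n' "$_listing" |
      awk -F', ' -v a="$_alias" \
        '$1 == a && /, SecretKeyEntry,/ { ok = 1 } END { exit !ok }' ||
      printf '%s\n' "$_alias"
  done
}

# List the real keystore and check the required aliases. The master password
# is read from the environment, so it never appears on the command line.
# usage: verify_keystore <keystoreFileName> <alias>...
verify_keystore() {
  _ks=$1; shift
  [ -n "${PHIXFLOW_VAULT_KEY:-}" ] ||
    { echo "PHIXFLOW_VAULT_KEY is not set" >&2; return 2; }
  _out=$(keytool -list -keystore "$_ks" -storetype "${STORETYPE:-PKCS12}" \
           -storepass:env PHIXFLOW_VAULT_KEY) || return 2
  _missing=$(missing_aliases "$_out" "$@")
  [ -z "$_missing" ] ||
    { echo "not stored as secret entries: $_missing" >&2; return 1; }
}

# Runs against a real keystore only when arguments are supplied, e.g.
#   sh check-vault.sh phixflowvault database-prod-build-user \
#      database-prod-build-password
if [ "$#" -gt 0 ]; then verify_keystore "$@"; fi
```

The variable must be exported so that keytool can read it. For a JCEKS keystore, set STORETYPE=JCEKS before running the script.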
