Normally, components that are required to authenticate against a database or another repository need to have user credentials specified in configuration files. Such sensitive information can be encrypted, so that only during runtime the actual value of the password will be known, protecting Aspire from potential malicious attacks.
In general, when using pre-packaged applications and the standard Aspire Admin interface (i.e. http://localhost:50505), all password encryption will be handled automatically. All passwords will be encrypted when stored in the relational database or in configuration files on disk.
All password encryption / decryption is based on a main password. Use the following steps to create one:
Note: The main password file must be secured by the operating system. This means that administrators should grant read access only to the user running Aspire.
If you are creating a custom application which requires password encryption, you may need to use the "encryptPassword" script.
To use password encryption, follow these instructions: