Building ThingWorx 9.3.x docker images without spe...

PG_9989770 · ‎Jul 04, 2022

Hello,

I tested with the H2 database, others might be affected. I tested 9.3.1 and 9.3.3 with the same result.

When setting KEYSTORE: from 'true' to 'false' in the docker-compose files, the database password isn't changed in the final platform-settings.json.

The TWX_DATABASE_PASSWORD from the CUSTOM_SECRET_LIST: 'encrypt.db.password:TWX_DATABASE_PASSWORD' is never replaced, regardless of which password is put to replace it.

I checked a bit further and found in platform-settings-overrides.json.j2:

"password": "encrypt.db.password",
"username": "{{ env_var("TWX_DATABASE_USERNAME", "") }}"

So the username is replaced but the password is set as plaintext.

I believe this is intentional, to have it be replaced by finding the "encrypt.db.password" string at another point.

But it never is.

Building with the keystore activated is working fine and causes no problems.

Am I overlooking something or is this currently not working or supported?

Thanks.

Regards,

P.

CharlesJi · ‎Jul 06, 2022

Hi @PG_9989770,

Yes, the password doesn't "change" because the real one would be automatically added into the Thingworx storage,

so the string "encrypt.db.password" you are seeing is just the key to the real password (i.e., the one you set in TWX_DATABASE_PASSWORD).

Building ThingWorx 9.3.x docker images without specifying keystore

Building ThingWorx 9.3.x docker images without specifying keystore