cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Community Tip - You can subscribe to a forum, label or individual post and receive email notifications when someone posts a new topic or reply. Learn more! X

Building ThingWorx 9.3.x docker images without specifying keystore

PG_9989770
4-Participant

Building ThingWorx 9.3.x docker images without specifying keystore

Hello,

 

I tested with the H2 database, others might be affected. I tested 9.3.1 and 9.3.3 with the same result.

When setting KEYSTORE:  from 'true' to 'false' in the docker-compose files, the database password isn't changed in the final platform-settings.json.

 

The TWX_DATABASE_PASSWORD from the CUSTOM_SECRET_LIST: 'encrypt.db.password:TWX_DATABASE_PASSWORD' is never replaced, regardless of which password is put to replace it.

 

I checked a bit further and found in platform-settings-overrides.json.j2:

"password": "encrypt.db.password",
"username": "{{ env_var("TWX_DATABASE_USERNAME", "") }}"

 

So the username is replaced but the password is set as plaintext.

 

I believe this is intentional, to have it be replaced by finding the "encrypt.db.password" string at another point.

But it never is.

 

Building with the keystore activated is working fine and causes no problems.

 

Am I overlooking something or is this currently not working or supported?

 

Thanks.

 

Regards,

P.

1 REPLY 1
CharlesJi
14-Alexandrite
(To:PG_9989770)

Hi @PG_9989770,

Yes, the password doesn't "change" because the real one would be automatically added into the Thingworx storage, 

so the string "encrypt.db.password" you are seeing is just the key to the real password (i.e., the one you set in TWX_DATABASE_PASSWORD).

 

 

 

Top Tags