Password Encryption

User passwords are stored encrypted in the system database. Passwords of Axon Ivy users are hashed using the bcrypt algorithm.

Passwords of technical users that are used to communicate with external systems are encrypted using the AES algorithm. By default, the secret key for the AES algorithm is created automatically using a secure random generator. However, you can provide your own secret key as follows:

  1. Create your own AES secret key and store it in a key store file by using the Java keytool:

    keytool -genseckey -alias aes -keyalg AES -keysize 128 -storepass changeit -storetype JCEKS -keystore keystore.jceks
    
  2. Configure the following Java system properties in jvm.options:

    # path to the key store that holds the AES secret key
    -Dch.ivyteam.ivy.persistence.keystore.file=keystore.jceks

    # password needed to read the key store file
    -Dch.ivyteam.ivy.persistence.keystore.password=changeit

    # name of the key to read from the key store file
    -Dch.ivyteam.ivy.persistence.keystore.alias=aes

    # type of the key store
    -Dch.ivyteam.ivy.persistence.keystore.type=jceks
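
Because jvm.options then holds the key store password in clear text next to the key store itself, a pre-flight check of both files is useful before restarting the engine. The script below is an added example, not part of Axon Ivy: it verifies that all four properties from step 2 are set, that the key store file exists, and that neither file is accessible by group or others. The function names and the optional base directory argument (assumed to be the engine's working directory, used to resolve a relative key store path) are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint the keystore settings in a jvm.options file.
PREFIX='-Dch.ivyteam.ivy.persistence.keystore'   # property prefix from the page

# Print the value of one keystore property (the last occurrence wins).
ks_prop() {  # usage: ks_prop <jvm.options> <file|password|alias|type>
    sed -n "s/^[[:space:]]*${PREFIX}\.$2=//p" "$1" | tail -n 1
}

# Succeed only if group and others have no permission bits on the file.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# usage: check_keystore_config <jvm.options> [base-dir]
# base-dir is where a relative key store path is resolved (assumption: the
# engine's working directory); defaults to the current directory.
check_keystore_config() {
    opts=$1; base=${2:-.}; rc=0
    for p in file password alias type; do
        if [ -z "$(ks_prop "$opts" "$p")" ]; then
            echo "missing: ${PREFIX}.$p" >&2; rc=1
        fi
    done
    ks=$(ks_prop "$opts" file)
    [ -n "$ks" ] || return "$rc"
    case $ks in /*) ;; *) ks="$base/$ks" ;; esac
    if [ ! -f "$ks" ]; then
        echo "key store not found: $ks" >&2; return 1
    fi
    # jvm.options holds the store password in clear text, the key store the key.
    for f in "$ks" "$opts"; do
        if ! owner_only "$f"; then
            echo "accessible by group/others: $f" >&2; rc=1
        fi
    done
    return "$rc"
}

# Run as a script: sh check.sh /path/to/jvm.options [base-dir]
if [ "$#" -gt 0 ]; then check_keystore_config "$@"; fi
```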
    

Warning

If you configure your own AES secret key after you have already stored technical passwords for external systems, those passwords can no longer be decrypted and are useless. You have to configure all of those passwords again!