msencrypt(1) | msencrypt(1) |
msencrypt - create an encryption key or encrypt portions of connection strings for use in mapfiles
msencrypt
[-keygen file | -key file string]
msencrypt can create an encryption key or encrypt portions of connection strings for use in mapfiles. Typically you might want to encrypt portions of the CONNECTION parameter for a database connection. The following CONNECTIONTYPEs are supported for using this encryption method:
Use in Mapfile.
The location of the encryption key can be specified by two mechanisms, either by setting the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive in the MAP object of your mapfile. For example:
CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"
Use the { and } characters as delimiters for encrypted strings inside database CONNECTIONs in your mapfile. For example:
CONNECTIONTYPE ORACLESPATIAL
CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"
LAYER
NAME "provinces"
TYPE POLYGON
CONNECTIONTYPE POSTGIS
CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432"
DATA "the_geom FROM province using SRID=42304"
STATUS DEFAULT
CLASS
NAME "Countries"
COLOR 255 0 0
END
END
Here are the steps to encrypt the password in the above connection:
msencrypt -keygen "/home/user/mykey.txt"
And this generated key file might contain something like:
2137FEFDB5611448738D9FBB1DC59055
msencrypt -key "/home/user/mykey.txt" "iluvyou18"
Which returns the password encrypted, at the commandline (you'll use it in a second):
3656026A23DBAFC04C402EDFAB7CE714
MAP
...
CONFIG "MS_ENCRYPTION_KEY" "/home/user/mykey.txt"
...
END #mapfile
CONNECTION "host=127.0.0.1 dbname=gmap user=postgres
password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"
09 December 2020 |