Apache Geode CHANGELOG

Encrypting Passwords for Use in cache.xml

Apache Geode provides a gfsh utility to generate encrypted passwords.

You may need to specify an encrypted password in cache.xml when configuring JNDI connections to external JDBC data sources. See Configuring Database Connections Using JNDI for configuration examples.

The cache.xml file accepts passwords in clear text or encrypted text.

To generate an encrypted password, use the encrypt password command in gfsh. The following example shows a sample command invocation and output (assuming my_password is the actual password for the data source). After you start gfsh, enter the following command:

gfsh>encrypt password --password=my_password

Copy the output from the gfsh command to the cache.xml file as the value of the password attribute of the jndi-binding tag embedded in encrypted(), just like a method parameter. Enter it as encrypted, in this format:


To use a non-encrypted (clear text) password, put the actual password as the value of the password attribute of the jndi-binding tag, like this: