How-To Change the Default Encryption Key

By default, OpenLegacy projects contain various passwords, credentials, and tokens required to connect to backend systems, databases or other system components.

To avoid leaking sensitive data, these values should not be saved as clear text across projects and ecosystems.

From version 4.2.4 we introduced a new auto-encryption feature. It works behind the scenes after a password is entered in the project creation wizard.


The picture below lists the sources from which the properties for the encryption process are taken, in descending order of priority:

Note that the default key is set to 'changeme'.

There are two ways to change it at design time; the second is preferred:

  1. Add an encryption-config.yml file to '[HOME_DIRECTORY]/.openlegacy'. The file should be set as follows:

    For more information, see the guide Properties Encryption.pdf.

  2. Set an environment variable called OL_ENCRYPTION_KEY whose value is the encryption key.


Once you set your encryption key using one of the methods above, passwords are encrypted with it at design time. It is very important to keep the key and salt values consistent between different machines, or else the passwords will be decrypted incorrectly!
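A pre-flight check for the environment-variable option and the cross-machine consistency requirement above, as an added example that is not OpenLegacy's own code. Only OL_ENCRYPTION_KEY and the default value 'changeme' come from this page; the function names, the minimum key length and the fingerprint format are assumptions.

```shell
#!/bin/sh
# Added example, not OpenLegacy code. Function names, OL_MIN_KEY_LEN and the
# fingerprint format are assumptions; only OL_ENCRYPTION_KEY and 'changeme'
# are taken from the page.

OL_MIN_KEY_LEN=16   # assumed local policy, not an OpenLegacy requirement

# check_ol_key: 0 = usable, 1 = unset/empty, 2 = still the default, 3 = too short
check_ol_key() {
    _ol_key="${OL_ENCRYPTION_KEY-}"
    if [ -z "$_ol_key" ]; then
        echo "OL_ENCRYPTION_KEY is not set" >&2
        return 1
    fi
    if [ "$_ol_key" = "changeme" ]; then
        echo "OL_ENCRYPTION_KEY is still the default key" >&2
        return 2
    fi
    if [ "${#_ol_key}" -lt "$OL_MIN_KEY_LEN" ]; then
        echo "OL_ENCRYPTION_KEY is shorter than $OL_MIN_KEY_LEN characters" >&2
        return 3
    fi
    return 0
}

# _ol_sha256: SHA-256 of stdin, using whichever tool is installed
_ol_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum
    else
        shasum -a 256
    fi
}

# ol_key_fingerprint: prints the first 12 hex characters of SHA-256(key) so two
# machines can be compared without exchanging the key itself. It refuses to
# run unless check_ol_key passes, because a fingerprint of a weak or default
# key can be matched by guessing.
ol_key_fingerprint() {
    check_ol_key || return $?
    printf '%s' "$OL_ENCRYPTION_KEY" | _ol_sha256 | cut -c1-12
}
```

Run `ol_key_fingerprint` on each design-time and run-time machine and compare the output; a mismatch means the keys differ and passwords encrypted on one machine will not decrypt correctly on the other.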


The last step is to run the project with the decryption key as a command-line variable. Keep in mind that this applies only at run time and does not affect design-time password encryption.

When running a project you will need to run the following command:

