Managing encrypted passwords in Release

Release provides a mechanism to automatically encrypt passwords and enables you to refer to them, so you do not need to store third-party passwords in plain text in configuration files. To declare a new third-party password:

To automatically encrypt passwords:

  1. Add the password to the XL_RELEASE_SERVER_HOME/conf/xl-release-server.conf file:

    Note: The key must end with .password.

  2. Restart Release. The password will automatically be encrypted in the xl-release-server.conf file.{aes\:v0}vEWwVYoSXqKXW+1Zro5u4KwFiMfsQJ0TJBeTsmtXgv8\=
  3. Use the password in Spring configuration files. For example, if you declare ldap.xlrelease.password in the xl-release-server.conf file, then you can use it in the XL_RELEASE_SERVER_HOME/conf/xl-release-security.xml file:

    <bean id="ldapServer" class="">
        <property name="password" value="${ldap.xlrelease.password}"/>

Using the password in an Integration plugin

This example shows you how to use the password in your plugin.

To begin, you need to add two classes to the plugin:


The XlrConfig class allows you to access the password value stored in the xl-release-server.conf file. Whereas, the PasswordEncrypter class enables you retrieve the password in plain text.

To use the passwords in your plugin script:

  1. Add the password to the release-server.conf file :
  1. When you restart the server, the password will be stored as an encrypted string. For example:
  1. To retrieve the encrypted password value:
myTemp = XlrConfig.getInstance().getConfig(“acme.password”);
  1. To retrieve the plain text password value:
myClearPassword = PasswordEncrypter.getInstance().decrypt(myTemp);