Manage passwords

Change the encryption key password

Passwords in the Release repository are encrypted with a secret key. This password encryption key is stored in a keystore file called XL_RELEASE_SERVER_HOME/conf/repository-keystore.jceks, which is optionally protected with a password. If a password is set, you must enter it when the Release Server starts.

Note: repository-keystore.jceks is one of the two keystore concepts in Release. This keystore only contains the key used for the encryption of passwords in the repository. If you use HTTPS, Release will use a second keystore file (conf/keystore.jks) to store the self-signed certificate.

To change the keystore password, use the keytool utility that is part of the Java JDK distribution:

keytool -storepasswd -keystore conf/repository-keystore.jceks -storetype jceks

Important: The keytool utility will not read or set passwords that are shorter than 6 characters. If you want to change a keystore with an empty or short password, use KeyStore Explorer.

Change the admin user’s password

To change the password of the built-in admin user:

  1. Log in to Release as admin or as another user with the Admin global permission.
  2. In the top navigation bar, click User management.
  3. Click Users, and then click the admin user.
  4. Type a new password.
  5. Confirm the new password.
  6. Click Save.

Password strength requirements

You can configure password strength requirements using the secret-complexity tag in the XL_RELEASE_SERVER_HOME/conf/xl-release.conf file. The requirements are enforced when a user creates a new user or changes their own password, whether through the interface or the API.

Password requirements

Note: This section only applies to internal users. For external users, Release has no authority or solution to manage password complexity.

To set password requirements, add a secret-complexity block inside security {} in xl-release.conf. Define each requirement as a pair: a regex pattern followed by its description. For example:

security {
    secret-complexity {
        # Flat list of pairs: regex pattern, then its description
        regex-validations = [
            ".{8,}$", "Must have at least 8 characters",
            "(?=.*\\d)", "Must contain at least 1 digit",
            "(?=.*[A-Z])", "Must contain at least 1 uppercase letter",
            "(?=.*[a-z])", "Must contain at least 1 lowercase letter"
        ]
    }
}

Note: updating the password requirements will not break existing passwords, but will prevent you from using weaker passwords when updating or creating accounts.
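To check a policy before putting it in xl-release.conf, the following added example (not part of Release or its documentation) runs candidate passwords against the pattern/description pairs shown above and reports which requirements fail. The function names are hypothetical, and it assumes a rule passes when its pattern is found anywhere in the password, which the lookahead-only patterns in the example imply; the page does not state how Release applies them.

```python
import re

# Constructed policy: the four pairs from the example above, after HOCON
# unescaping ("\\d" in xl-release.conf is the regex \d).
REGEX_VALIDATIONS = [
    r".{8,}$", "Must have at least 8 characters",
    r"(?=.*\d)", "Must contain at least 1 digit",
    r"(?=.*[A-Z])", "Must contain at least 1 uppercase letter",
    r"(?=.*[a-z])", "Must contain at least 1 lowercase letter",
]


def load_rules(flat):
    """Turn the flat [pattern, description, ...] list into compiled rules."""
    if len(flat) % 2:
        # A missing description shifts every later pair, so reject it early.
        raise ValueError("regex-validations needs pattern/description pairs")
    rules = []
    for pattern, description in zip(flat[0::2], flat[1::2]):
        try:
            rules.append((re.compile(pattern), description))
        except re.error as exc:
            raise ValueError(f"bad pattern {pattern!r}: {exc}") from exc
    return rules


def violations(password, rules):
    """Return the description of every rule the password does not satisfy.

    Assumption: search semantics (pattern found anywhere in the password).
    """
    return [desc for rx, desc in rules if rx.search(password) is None]


if __name__ == "__main__":
    rules = load_rules(REGEX_VALIDATIONS)
    # Constructed sample passwords, one per outcome.
    for candidate in ("short1A", "alllowercase1", "Str0ngEnough"):
        print(candidate, "->", violations(candidate, rules) or "accepted")
```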