Stambia versions 2.x, 3.x, S17, S18, S19 and S20 are reaching End of Support January, 15th, 2024. Please consider upgrading to the supported Semarchy xDI versions. See Global Policy Support and the Semarchy Documentation.

Passwords, which users mostly configure in Metadata, are encrypted so that they do not appear in clear text in, for instance, the delivery files or the logs.

The key used by a Stambia DI Runtime to encrypt or decrypt passwords can be customized in configuration files.

This article demonstrates how to configure the Stambia DI Runtime to change it.

This article is dedicated to Stambia DI S17, S18, S19.

Please refer to this article if you are using Stambia DI S20 or higher.

Prerequisites:

  • Stambia DI Runtime S17.5.7 or higher

Limitations

At the moment the key can be changed in Stambia DI Runtime only.

Stambia DI Designer and Stambia DI Production Analytics do not yet support generating deliveries using a custom key.

When the password ciphering key is changed in the Stambia DI Runtime, you must produce your deliveries using the builddelivery.bat / builddelivery.sh scripts.

The idea is to generate the package from the Stambia DI Designer, extract the configuration with the builddelivery.bat / builddelivery.sh scripts, specify the newly encrypted password in it, and build the delivery with this configuration.

To generate the newly encrypted password, connect to the Stambia DI Runtime and use the "encrypt" command (see the reference documentation for further information about using commands in the Stambia DI Runtime).

About the keys

The custom key that will be used to replace the default one must be placed inside a Java keystore. This key must be generated as follows:

keytool -genkey -alias <dummykey> -keystore "<path to keystore>/<keystore file name>.jks"

The keystore must then be specified in the Stambia DI Runtime as explained in the following article.

Changing the key for password ciphering is then as simple as defining which of the specified keys should be used for it.

Configuration

When the keystores are defined, simply uncomment the following parameter to customize the key used for password ciphering.

The value should correspond to the "name" of a key defined under a keystore node.

<parameters>
    <...>
    <engineParameters>
        <...>
        <parameter name="passwordCipheringKeyName" value="runtimekey"/>
        <...>
    </engineParameters>
    <...>
</parameters>

Example of corresponding keystore configuration:

<keystores>
    <keystore path="D:/keystores/keystore.jks" password="password" type="JKS">
        <key name="runtimekey" alias="key01" password="password"/>     
    </keystore>
</keystores>
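
The rule stated above, that the passwordCipheringKeyName value must correspond to the "name" of a key under a keystore node, can be checked before the Runtime is restarted. The following Python check is an added example, not Stambia code: it assumes the two XML fragments are available as strings, its sample values are constructed from the snippets above, and the function name and the placeholder-password list are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments modelled on the article's snippets (not a real config).
PARAMETERS_XML = """<parameters><engineParameters>
    <parameter name="passwordCipheringKeyName" value="runtimekey"/>
</engineParameters></parameters>"""
KEYSTORES_XML = """<keystores>
    <keystore path="D:/keystores/keystore.jks" password="password" type="JKS">
        <key name="runtimekey" alias="key01" password="password"/>
    </keystore>
</keystores>"""

# Assumption of this example: values treated as placeholder passwords.
PLACEHOLDER_PASSWORDS = {"", "password", "changeit", "changeme"}


def check_ciphering_key(parameters_xml, keystores_xml):
    """Return a list of findings; an empty list means the key reference is clean."""
    params = ET.fromstring(parameters_xml)
    stores = ET.fromstring(keystores_xml)
    # The parser drops XML comments, so a still-commented parameter is absent here.
    values = [p.get("value") for p in params.iter("parameter")
              if p.get("name") == "passwordCipheringKeyName"]
    if not values:
        return ["passwordCipheringKeyName is not set: the default key stays in use"]
    findings = []
    if len(values) > 1:
        findings.append("passwordCipheringKeyName is defined more than once")
    wanted = values[0]
    matches = [(ks, key) for ks in stores.iter("keystore")
               for key in ks.iter("key") if key.get("name") == wanted]
    if not matches:
        findings.append(f"key name '{wanted}' is not defined under any keystore node")
    elif len(matches) > 1:
        findings.append(f"key name '{wanted}' is defined {len(matches)} times")
    for ks, key in matches:
        if not key.get("alias"):
            findings.append(f"key '{wanted}' has no alias attribute")
        for label, node in (("keystore", ks), ("key", key)):
            if (node.get("password") or "").lower() in PLACEHOLDER_PASSWORDS:
                findings.append(f"{label} password for '{wanted}' is a placeholder")
    return findings


if __name__ == "__main__":
    for finding in check_ciphering_key(PARAMETERS_XML, KEYSTORES_XML):
        print("FINDING:", finding)
```

Run against the sample values shown in this article, the check reports both "password" entries as placeholders; the keystore and key passwords sit in clear text in this file, so the file itself needs restrictive permissions.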

 
