Wednesday, March 14, 2018

Setup Secure Vault in WSO2 ESB


  • Go to the your ESB home/bin directory 
  • Execute command “ciphertool.bat -Dconfigure” as mentioned below

You should be getting the below outcome of it. It will ask you the password for Carbon server, please provide "wso2carbon"


C:\Work\WSO2\wso2esb-4.9.0\repository\conf\security>ciphertool.bat -Dconfigure
'ciphertool.bat' is not recognized as an internal or external command,
operable program or batch file.

C:\Work\WSO2\wso2esb-4.9.0\repository\conf\security>cd ciphertool.bat
The system cannot find the path specified.

C:\Work\WSO2\wso2esb-4.9.0\repository\conf\security>cd C:\Work\WSO2\wso2esb-4.9.0\bin

C:\Work\WSO2\wso2esb-4.9.0\bin>ciphertool.bat -Dconfigure
'ant' is not recognized as an internal or external command,
operable program or batch file.
Using CARBON_HOME:   C:\Work\WSO2\wso2esb-4.9.0
Using JAVA_HOME:    C:\Program Files\Java\jdk1.8.0_151
[Please Enter Primary KeyStore Password of Carbon Server : ]

Primary KeyStore of Carbon Server is initialized Successfully

Protected Token [UserManager.AdminUser.Password] is updated in repository/conf/user-mgt.xml successfully

Protected Token [Carbon.Security.KeyStore.KeyPassword] is updated in repository/conf/carbon.xml successfully

Protected Token [Server.Service.Connector.keystorePass] is updated in repository/conf/tomcat/catalina-server.xml successfully

Protected Token [Carbon.Security.TrustStore.Password] is updated in repository/conf/carbon.xml successfully

Protected Token [Carbon.Security.KeyStore.Password] is updated in repository/conf/carbon.xml successfully

Protected Token [Datasources.WSO2_CARBON_DB.Configuration.Password] is updated in repository/conf/datasources/master-datasources.xml successfully


Encryption is done Successfully


Encryption is done Successfully


Encryption is done Successfully


Encryption is done Successfully


Encryption is done Successfully


Encryption is done Successfully


Secret Configurations are written to the property file successfully

C:\Work\WSO2\wso2esb-4.9.0>


Once you get above message, you can now add secure vault from ESB console UI.