Encrypt the H2 Database in APM Command Center

During the first installation of APM Command Center, the database is created and encrypted with an AES cipher. By default, APM Command Center immediately encrypts the database password and updates the property file with the encrypted value. Change the password in the apmccsrv.properties file after unpacking the APM Command Center package, but before starting Command Center.
After Command Center encrypts the password, you cannot decrypt it again. You must also know the existing password to change it. If you forget the password, you cannot recover it. Instead, you must delete the database and then create a new one.
Set Database Password During New Installation in APM Command Center
The installation package contains the same preset password for both the database file encryption and the database user. By default, password encryption is set to true when Command Center starts the database. After you unpack the APM Command Center package, but before you start Command Center, you can change the password in the configuration file.
Defaults:
spring.datasource.password=admin
spring.datasource.password.encryptAtNextStart=true
Change the password in the apmccsrv.properties configuration file.
Follow these steps:
  1. Open the ACC_HOME\config\apmccsrv.properties file.
  2. Go to the DataSource section.
  3. Set the new password in the spring.datasource.password property.
    Example:
    spring.datasource.password=<newpassword>
  4. Save your changes.
You set a new password.
Save Database Password During Database Upgrade in APM Command Center
Save the database password in a secure place after you run the upgrade tool. The upgrade tool adds new properties in the apmccsrv.properties file. The upgrade tool automatically encrypts the database with the existing password.
Default: admin
Ensure that you note the existing password during this stage. After Command Center encrypts the password, you cannot decrypt it again. You must also know the existing password to change it. If you forget the password, you cannot recover it. Instead, you must delete the database and then add a new one.
Change the Password of the Encrypted Database
Change your password on an encrypted database.
Follow these steps:
  1. Stop APM Command Center.
  2. Back up the ACC_HOME folder.
  3. Save the tools in the ACC_HOME\data folder.
  4. To decrypt the database, run the following command at the command line:
    Verify that your database file is encrypted before you change your password. You must provide the correct password in the command. If you execute the command without the correct password or when the database is unencrypted, you damage the file. If the file is unencrypted or the password is incorrect, you do not receive a warning.
    View the database file in any text editor to determine whether the database is encrypted. An encrypted H2 database file begins with H2encrypt.
    java -cp h2-1.4.193.jar org.h2.tools.ChangeFileEncryption -dir . -db acc_data_h2 -cipher AES -decrypt currentpassword
    Where:
    • currentpassword
      Is the existing password from the apmccsrv.properties file in its unencrypted form.
  5. Change the user password.
    java -cp h2-1.4.193.jar org.h2.tools.Shell -url "jdbc:h2:file:./acc_data_h2;IGNORECASE=TRUE;LOCK_TIMEOUT=20000;DB_CLOSE_DELAY=-1" -user "admin" -password "currentpassword"
    Where:
    • currentpassword
      Is the existing password from the apmccsrv.properties file in its unencrypted form.
    The SQL shell starts.
  6. Execute the following commands after the SQL shell starts:
    sql> ALTER USER admin SET PASSWORD 'newpassword';
    (Update count: 0, 5 ms)
    sql> quit;
    Connection closed
  7. Verify that the database file is unencrypted before you run the encryption command in the next step.
    If the file is already encrypted, you do not receive a warning. If you run the command anyway, the file is encrypted again and becomes unusable.
    View the database file in a text editor to determine whether it is encrypted. An unencrypted H2 database begins with H:2.
  8. To encrypt the database with the new password, run the following command in command line:
    java -cp h2-1.4.193.jar org.h2.tools.ChangeFileEncryption -dir . -db acc_data_h2 -cipher AES -encrypt newpassword
    Where:
    • newpassword
      Is the new password that you set in Step 5.
  9. Update the following properties in the apmccsrv.properties file.
    spring.datasource.password=newpassword
    spring.datasource.password.encryptAtNextStart=true
    APM Command Center uses this password as both the user password and the file password. APM Command Center automatically encrypts the password when the database starts.
  10. Start APM Command Center.
You set a new password for the database. For information about troubleshooting, see Lost APM Command Center Database Password.
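The header checks in steps 4 and 7 can be scripted so that ChangeFileEncryption is never run against a file in the wrong state. The following is an added example, not part of the product or its documentation. The function names are hypothetical, and the file name acc_data_h2.mv.db in the usage comment is an assumption (the page only gives the database name acc_data_h2).

```shell
#!/bin/sh
# Added example: pre-flight check based on the header markers described in
# steps 4 and 7 ("H2encrypt" = encrypted, "H:2" = unencrypted).
# Usage (file name is an assumption): sh check.sh decrypt ./acc_data_h2.mv.db

# Print the state of an H2 database file: encrypted, unencrypted, or unknown.
h2_file_state() {
    file=$1
    [ -r "$file" ] || { echo "unknown"; return 0; }
    # Read only the first 9 bytes; strip NULs so binary data cannot
    # disturb the string comparison.
    header=$(head -c 9 "$file" | tr -d '\000')
    case $header in
        H2encrypt*) echo "encrypted" ;;
        H:2*)       echo "unencrypted" ;;
        *)          echo "unknown" ;;
    esac
}

# Return 0 only when the requested operation matches the current file state.
# mode is "decrypt" (step 4) or "encrypt" (step 8).
safe_to_run() {
    mode=$1
    state=$(h2_file_state "$2")
    case "$mode:$state" in
        decrypt:encrypted|encrypt:unencrypted)
            return 0 ;;
        *)
            echo "refusing to $mode: file state is $state" >&2
            return 1 ;;
    esac
}

# When called with a mode and a file, report whether it is safe to proceed.
if [ "$#" -eq 2 ]; then
    safe_to_run "$1" "$2" && echo "ok to $1 $2"
fi
```

The check confirms only the file state. It cannot confirm that the password supplied to the decrypt command is correct, so the backup from step 2 is still required.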