This documentation is for WSO2 Carbon 4.4.3. View documentation for the latest release.
Using Symmetric Encryption - Carbon 4.4.3 - WSO2 Documentation
Due to a known issue do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.
Skip to end of metadata
Go to start of metadata

WSO2 Carbon-based products uses asymmetric encryption by default as explained in the previous section. From Carbon 4.4.3 onwards, you have the option of switching to symmetric encryption in your WSO2 product. Using symmetric encryption means that a single key will be shared for encryption and decryption of information. 

Follow the steps given below to enable symmetric encryption.

  1. Open the carbon.xml file from the <PRODUCT_HOME>/repository/conf directory.
  2. Add the following properties:

    • The IsEnabled property is used to set symmetric encryption to 'true' or 'false'.

    • The Algorithm property specifies the symmetric key algorithm used.
    • The SecureVaultAlias property is used to specify the secret alias if secure vault has been used to encrypt the secret key.
  3. Create a file named '' in the <PRODUCT_HOME>/repository/resources/security folder and enter the symmetric key using the symmetric.key property. See the following example where a plain text key is entered in the file:


    If Secure Vault has been used for encrypting the symmetric key, this value will be replaced by the secret alias as shown below. For detailed instructions on how the secret key can be encrypted using Secure Vault, see Encrypting Passwords with Cipher Tool.

  • No labels