This documentation is for WSO2 API Manager 2.6.0. View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added a warning


  1. If you are using the Cipher tool for the first time in your environment, you must first enable the Cipher tool by executing the -Dconfigure command with the cipher tool script: 
    Note that the cipher tool uses the RSA encryption algorithm by default.

    1. Open a terminal and navigate to the <API-M_HOME>/bin directory.
    2. Execute one of the following commands to start the cipher tool:


      Do not combine the following commands and run them as a single command.

      • To use the cipher tool with the RSA encryption algorithm.

        • On Linux: ./ -Dconfigure

        • On Windows: ./ciphertool.bat -Dconfigure
          If you are using the Cipher tool for the first time, this command first initializes the tool for your product.

      • To use the cipher tool with any other encryption algorithm.

        • Support for any encryption algorithm other than RSA with the cipher tool is not supported out-of-the-box.

        • You need to get the latest product updates for your product to use this feature in the current version of WSO2 API-M. This feature is available as a product update from August 26, 2019 onwards.


          Note that you can deploy updates in a production environment only if you have a valid subscription with WSO2. Read more about WSO2 Updates.

        <encryption-algorithm>Make sure that the algorithm mentioned in the <API-M_HOME>/repository/conf/  file is the same as the value given when starting the cipher tool. Example:  RSA/ECB/OAEPwithSHA1andMGF1Padding

        • On Linux: ./ -Dorg.wso2.CipherTransformation=<encryption-algorithm>

          • Example: ./ -Dorg.wso2.CipherTransformation=RSA/ECB/OAEPwithSHA1andMGF1Padding

        • On Windows: ./ciphertool.bat -Dorg.wso2.CipherTransformation=<encryption-algorithm>

  2. When prompted, enter the primary key password, which is by default wso2carbon
    Enter the password and proceed.
  3. When prompted, enter the plain text password that you want to encrypt. 
    Enter the following element as the password and proceed.

    Code Block
    Enter Plain Text Value :admin

    Now, you will receive the encrypted value.

    Code Block
    Encrypted value is: 
  4. Start WSO2 API-M and sign in to the management console:
    1. Open a terminal and navigate to the <API-M_HOME>/bin directory.
    2. Execute one of the following scripts:
      • On Windows: wso2server.bat --run
      • On Linux/Mac OS: sh
    3. Sign in to the management console.
  5. Select Browse under Resources to access the registry browser and go to the  /_system/config/repository/ components/secure-vault location.

  6. Add the aliases and the encrypted value as a property.