Skip to main content

Encrypting passwords for Data Services and Routes

The Talend ESB Runtime provides a utility to enable you to encrypt passwords for Data Services and Routes. You can there after use the encrypted values in Talend Studio for Data Services and Routes that act as clients, or in the .cfg files for the same type of artifacts.
Information noteNote: This feature is available from Talend Runtime 8.0.1-R2025-08 onwards.

Follow these steps to use this utility:

  1. Start the Talend Runtime Container.
  2. Install the tesb-daikon-encryptor-command feature in the container:
    karaf@trun()>feature:install tesb-daikon-encryptor-command
  3. Get an encrypted string for 'tadmin' for example by entering the following command in the container:
    karaf@trun()> tesb:encrypt-daikon tadmin
    You will get the following result:
    enc:routine.encryption.key.v1:j3GdW2HSktLV3U/p3QlCdq3GXzqW0DnHgGFEOwmJ+DCV

It’s possible to not use the default encryption key by using the Java system property encryption.keys.file:

  1. Stop Talend Runtime.
  2. Execute the following command in a command line window:
    export EXTRA_JAVA_OPTS=-Dencryption.keys.file=<PATH>/keys.properties

    Alternatively, you can set it as an environment variable.

  3. Restart Talend Runtime.

    Every deployed Studio artifact will now use the last key in <PATH>/keys.properties. The tesb:encrypt-daikon command will also encrypt text based on that key.

    For example, if the keys.properties is as follows, routine.encryption.key.v2 will be the key used to decrypt by the client Routes and encrypt by the tesb:encrypt-daikon command.
    routine.encryption.key.v1=YBoRMn8gwD1Kt3CcowOiGeoxRbC2eNNVm7Id6vA3hrk\=
    routine.encryption.key.v2=9Op2L0vcvvUwcmi/K48Aud9sNxy1PshRHMeygowjmRU\=

    If you keep the encryption.keys.file value but modify its content, Talend Runtime must be restarted for the changes to take effect.

To generate encryption keys, you can use the following Java code:

import java.util.Base64;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
...
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
keyGen.init(256);
SecretKey aesKey = keyGen.generateKey();
String encodedKey = Base64.getEncoder().encodeToString(aesKey.getEncoded());
System.out.println("Generated AES Key (Base64): " + encodedKey);

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!