Update instructions on how to set up a dynamic encrypted password (#1593

)
neo4j · May 3, 2024 · 00e0163 · 00e0163
1 parent ecff3de
commit 00e0163
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/modules/ROOT/pages/security/ssl-framework.adoc b/modules/ROOT/pages/security/ssl-framework.adoc
@@ -921,7 +921,7 @@ If hardcoding of clear text private key password is not feasible due to security
 ----
 echo "password123" > passwordfile
 
-openssl aes-256-cbc -a -salt -in passwordfile -out password.enc -pass file:certificate.crt
+base64 -w 0 certificate.crt | openssl aes-256-cbc -a -salt -in passwordfile -out password.enc -pass stdin
 ----
 +
 [NOTE]
@@ -933,15 +933,15 @@ Delete the password file and set file permissions for `password.enc` to `400` (e
 +
 [source]
 ----
-openssl aes-256-cbc -a -d -in password.enc -pass file:certificate.crt
+base64 -w 0 certificate.crt | openssl aes-256-cbc -a -d -in password.enc -pass stdin
 ----
 
 . Set the neo4j.conf `dbms.ssl.policy.<type>.private_key_password` to be able to read out encrypted password.
 To adjust paths to cert and encrypted password file, use full paths:
 +
 [source]
 ----
-dbms.ssl.policy.bolt.private_key_password=$(openssl aes-256-cbc -a -d -in password.enc -pass file:certificate.crt)
+dbms.ssl.policy.bolt.private_key_password=$(base64 -w 0 certificate.crt | openssl aes-256-cbc -a -d -in password.enc -pass stdin)
 ----
 
 [NOTE]