HOW TO: Use the SCRAM-SHA-256 encryption algorithm to store passwords in a PostgreSQL database version 12.4 or later

Version 2

    When you install a new Secure Agent, by default, the SCRAM-SHA-256 algorithm is used for user password encryption in the PostgreSQL database.

     

    For existing Secure Agents, a plain text password is used for authentication over the wire. Perform the following steps to use the SCRAM-SHA-256 encryption algorithm to store passwords in a PostgreSQL database version 12.4 or later:

    1. Stop the Process Server and the PostgreSQL database.
    2. Navigate to the following directory:
      <Secure Agent installation directory>\apps\process-engine\data\PostGreSql\Data
    3. Create or edit the user.conf file to add the following property:
      password_encryption = scram-sha-256
    4. Save the user.conf file.
    5. Open the pg_hba.conf file. Under the METHOD column, replace the value password with scram-sha-256.
    6. Save the pg_hba.conf file.
    7. Start the PostgreSQL database.
    8. Connect to the database and update the password of the user bpeluser so that the password gets stored in the database with scram-sha-256 encryption.
      1. Navigate to the following directory:
        Windows: <Secure Agent installation directory>\apps\process-engine\data\db\postgresql-windows-x64-binaries\pgsql\bin
        Linux: <Secure Agent installation directory>\apps\process-engine\data\db\postgresql-linux-x64-binaries\pgsql\bin
      2. Run the following command:
        psql.bat -U bpeluser -d activevos
      3. Run the following command:
        ALTER USER bpeluser WITH PASSWORD 'bpel';
        where bpeluser and bpel are the default user name and password
    9. Start the Process Server.