Provided by: mapserver-bin_8.2.2-1_amd64 bug

NAME

       msencrypt  - create an encryption key or encrypt portions of connection strings for use in
       mapfiles

SYNOPSIS

       msencrypt [-keygen file | -key file string]

DESCRIPTION

       msencrypt can create an encryption key or encrypt portions of connection strings  for  use
       in mapfiles.  Typically you might want to encrypt portions of the CONNECTION parameter for
       a database connection.   The  following  CONNECTIONTYPEs  are  supported  for  using  this
       encryption method:

       • OGR

       • Oracle Spatial

       • PostGIS

       • SDE

OPTIONS

       -keygen file
              Creates a new encryption key in file.

       -key file string
              Use the key in file to encrypt string.

NOTES

       Use in Mapfile.

       The  location  of the encryption key can be specified by two mechanisms, either by setting
       the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive in the  MAP  object
       of your mapfile. For example:

               CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"

       Use the { and } characters as delimiters for encrypted strings inside database CONNECTIONs
       in your mapfile. For example:

               CONNECTIONTYPE ORACLESPATIAL
               CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"

EXAMPLE

               LAYER
                 NAME "provinces"
                 TYPE POLYGON
                 CONNECTIONTYPE POSTGIS
                 CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432"
                 DATA "the_geom FROM province using SRID=42304"
                 STATUS DEFAULT
                 CLASS
                   NAME "Countries"
                   COLOR 255 0 0
                 END
               END

       Here are the steps to encrypt the password in the above connection:

       1.  Generate an encryption key (note that this key should not be  stored  anywhere  within
           your web server's accessible directories):

               msencrypt -keygen "/home/user/mykey.txt"

       And this generated key file might contain something like:

               2137FEFDB5611448738D9FBB1DC59055

       2.  Encrypt the connection's password using that generated key:

               msencrypt -key "/home/user/mykey.txt" "iluvyou18"

       Which returns the password encrypted, at the commandline (you'll use it in a second):

               3656026A23DBAFC04C402EDFAB7CE714

       3.  Edit   the   mapfile   to   make   sure  the  'mykey.txt'  can  be  found,  using  the
           "MS_ENCRYPTION_KEY" environment variable. The CONFIG parameter inside the  MAP  object
           can be used to set an environment variable inside a mapfile:

               MAP
                   ...
                   CONFIG "MS_ENCRYPTION_KEY" "/home/user/mykey.txt"
                   ...
               END #mapfile

       4.  Modify  the  layer's  CONNECTION to use the generated password key, making sure to use
           the "{}" brackets around the key:

               CONNECTION "host=127.0.0.1 dbname=gmap user=postgres
                           password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"

       5.  Done! Give your new encrypted mapfile a try with the map2img(1) utility!

                                        02 September 2024                            msencrypt(1)