xenial (1) msencrypt.1.gz

Provided by: mapserver-bin_7.0.0-9ubuntu3.1_amd64 bug

NAME
       msencrypt - create an encryption key or encrypt portions of connection strings for use in mapfiles


SYNOPSIS
       msencrypt [-keygen file | -key file string]


DESCRIPTION
       msencrypt  can  create  an  encryption key or encrypt portions of connection strings for use in mapfiles.
       Typically you might want to encrypt portions of the CONNECTION parameter for a database connection.   The
       following CONNECTIONTYPEs are supported for using this encryption method:

       • OGR

       • Oracle Spatial

       • PostGIS

       • SDE


OPTIONS
       -keygen file
              Creates a new encryption key in file.

       -key file string
              Use the key in file to encrypt string.


NOTES
       Use in Mapfile.

       The  location of the encryption key can be specified by two mechanisms, either by setting the environment
       variable MS_ENCRYPTION_KEY or using a CONFIG directive in the MAP object of your mapfile. For example:

               CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"

       Use the { and } characters as delimiters for  encrypted  strings  inside  database  CONNECTIONs  in  your
       mapfile. For example:

               CONNECTIONTYPE ORACLESPATIAL
               CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"


EXAMPLE
               LAYER
                 NAME "provinces"
                 TYPE POLYGON
                 CONNECTIONTYPE POSTGIS
                 CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432"
                 DATA "the_geom FROM province using SRID=42304"
                 STATUS DEFAULT
                 CLASS
                   NAME "Countries"
                   COLOR 255 0 0
                 END
               END

       Here are the steps to encrypt the password in the above connection:

       1.  Generate an encryption key (note that this key should not be stored anywhere within your web server's
           accessible directories):

               msencrypt -keygen "/home/user/mykey.txt"

       And this generated key file might contain something like:

               2137FEFDB5611448738D9FBB1DC59055

       2.  Encrypt the connection's password using that generated key:

               msencrypt -key "/home/user/mykey.txt" "iluvyou18"

       Which returns the password encrypted, at the commandline (you'll use it in a second):

               3656026A23DBAFC04C402EDFAB7CE714

       3.  Edit the mapfile to make sure the 'mykey.txt' can be found, using the "MS_ENCRYPTION_KEY" environment
           variable.  The  CONFIG  parameter  inside  the  MAP object can be used to set an environment variable
           inside a mapfile:

               MAP
                   ...
                   CONFIG "MS_ENCRYPTION_KEY" "/home/user/mykey.txt"
                   ...
               END #mapfile

       4.  Modify the layer's CONNECTION to use the generated password key, making sure to use the "{}" brackets
           around the key:

               CONNECTION "host=127.0.0.1 dbname=gmap user=postgres
                           password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"

       5.  Done! Give your new encrypted mapfile a try with the shp2img(1) utility!

                                                 18 January 2017                                    msencrypt(1)