If you open this document:
There is a really difficult-to-understand description of how to encrypt passwords to databases in the data import config XML:
Alternately the password can be encrypted as follows. This is the value obtained as a result of the command openssl enc -aes-128-cbc -a -salt -in pwd.txt password="U2FsdGVkX18QMjY0yfCqlfBMvAB4d3XkwY96L7gfO2o=". When the password is encrypted, you must provide an extra attribute encryptKeyFile="/location/of/encryptionkey". This file should a text file with a single line containing the encrypt/decrypt password.
Can someone help me break this into the steps that actually need to be followed?
This only works for Solr 5.1 and 6+
openssl enc -aes-128-cbc -a -salt -md md5 -in pwd.txt.-> This assumes pwd.txt is the password saved in a text file, so here is an example:
echo "my password" > pwd.txt
openssl enc -aes-128-cbc -a -salt -md md5 -in pwd.txt
enter aes-128-cbc encryption password: myencryptfilepwd
Verifying - enter aes-128-cbc encryption password: myencryptfilepwd
U2FsdGVkX1/zZp+RS3oim80coh80ARe8l+EF+w0La0TKRfNpZ4+smdokcV3zYyLm
Save the password entered above into a file: echo "myencryptfilepwd" > "/location/of/encryptionkey"
Save the /location/of/encryptionkey to the Solr server(s) and chmod 0600 to protect the contents.
Add the result of the openssl enc call to password and set the encryptKeyFile path to the DIH xml file: <dataSource driver="org.hsqldb.jdbcDriver" url="jdbc:hsqldb:./example-DIH/hsqldb/ex" user="sa" password="U2FsdGVkX1/zZp+RS3oim80coh80ARe8l+EF+w0La0TKRfNpZ4+smdokcV3zYyLm" encryptKeyFile="/location/of/encryptionkey" />
If you have done this correctly, Solr DIH should be able to use an encrypted password.