The CONGA AEM plugin also provides a command-line interface tool for generating new AEM crypto keys.

The generated keys are supported by AEM 6.3 and upwards.

Please note: You need to install the Java Cryptography Extension (JCE) Unlimited Strength policy files from Oracle, because Ansible uses 256 bit keys to handle encryption and decryption of the vault files. If you are using Java 8u162 or higher they are already active by default.

Download

Download it from Maven Central:

CONGA AEM Crypto CLI tool Maven Central

Generate AEM crypto keys

Generate a set of crypto keys:

java -jar conga-aem-crypto-cli-2.20.0.jar -cryptoKeysGenerate

Generate a set of crypto keys and encrypt them using Ansible Vault with the given password:

java -Dansible.vault.password=mypassword -jar conga-aem-crypto-cli-2.20.0.jar \
    -cryptoKeysGenerate -cryptoKeysAnsibleVaultEncrypt

Encrypt a file with Ansible Vault:

java -Dansible.vault.password=mypassword -jar conga-aem-crypto-cli-2.20.0.jar \
    -ansibleVaultEncrypt <file>

Decrypt a file with Ansible Vault:

java -Dansible.vault.password=mypassword -jar conga-aem-crypto-cli-2.20.0.jar \
    -ansibleVaultDecrypt <file>

Encrypt and decrypt values using AEM crypto support

Encrypt string using AEM crypto support and a given key:

java -jar conga-aem-crypto-cli-2.20.0.jar \
     -cryptoAesKey <path to master file> -aemCryptoEncrypt <value>

Decrypt string using AEM crypto support and a given key:

java -jar conga-aem-crypto-cli-2.20.0.jar \
     -cryptoAesKey <path to master file> -aemCryptoDecrypt <encrypted value>

Back to top

Version: 2.20.1-SNAPSHOT. Last Published: 2024-12-09.