The CONGA AEM plugin also provides a command-line interface tool for generating new AEM crypto keys.

The generated keys are supported by AEM 6.3 and upwards.

Please note: You need to install the Java Cryptography Extension (JCE) Unlimited Strength policy files from Oracle, because Ansible uses 256 bit keys to handle encryption and decryption of the vault files. If you are using Java 8u162 or higher they are already active by default.

Download it from Maven Central:

CONGA AEM Crypto CLI tool Maven Central

Generate a set of crypto keys:

java -jar conga-aem-crypto-cli-1.9.2.jar -cryptoKeysGenerate

Generate a set of crypto keys and encrypt them using Ansible Vault with the given password:

java -Dansible.vault.password=mypassword -jar conga-aem-crypto-cli-1.9.2.jar \
    -cryptoKeysGenerate -cryptoKeysAnsibleVaultEncrypt

Encrypt a file with Ansible Vault:

java -Dansible.vault.password=mypassword -jar conga-aem-crypto-cli-1.9.2.jar \
    -ansibleVaultEncrypt <file>

Decrypt a file with Ansible Vault:

java -Dansible.vault.password=mypassword -jar conga-aem-crypto-cli-1.9.2.jar \
    -ansibleVaultDecrypt <file>

Back to top

Version: 1.9.3-SNAPSHOT. Last Published: 2019-10-21.