Specialized Administration > Configuring Your Windchill Environment > Configuring Password Management Options > System Password Encryption Options > Changing Keystore File Encryption
  
Changing Keystore File Encryption
The keystore file that Windchill uses for storing encrypted passwords is created during the installation process and is itself encrypted using a unique random character string that is generated for each installation.
If you have a general process that requires that you periodically change passwords (for example, to be compliant with the Sarbanes-Oxley Act (SOX)), you can choose to change the encryption on the keystore file. This encryption acts like a password and can be changed by entering the following command from a Windchill shell:
ant -f <Windchill>/bin/adminTools/sip/EncryptPasswords.xml
changeKeystoreEncryption
where <Windchill> is the Windchill installation directory.
The ant command executes a script that generates a new random character string and then encrypts the keystore file using the string. The script changes the key to the keystore that is maintained in <Windchill>/bin/adminTools/sip/ksp/sip.ksp.
* 
There is no Windchill requirement that you change the encryption on the keystore file.