Updating the RabbitMQ Encrypted Password
The RabbitMQ password is encrypted while installing ThingWorx Flow using the installer. To change the RabbitMQ encrypted password, complete the following steps:
1. In the <ThingWorx_Flow_Install_Location>\modules\RabbitMQ\definitions.json file, update the value of the password parameter with the new password.
2. Complete the following steps to modify the QUEUE.ADAPTERS.AMQP.CONFIG.credentials parameter with the updated RabbitMQ password:
a. The value of the secret parameter is used to decrypt the keyfile-key. To obtain the value of the secret parameter, start Command Prompt as Administrator on the machine where you installed ThingWorx Flow, and run the following commands:
a. pm2 ls
Make note of the value of the ID of any ThingWorx Flow service.
b. pm2 env <id>
, where <id> is the ID of any ThingWorx Flow service. For example: The ID of the flow-api service.
c. Copy the value of the CONFIG_IMAGE variable. This is the value of the secret parameter. This is the value of the secret parameter that you need to provide in step 3.
b. Run the following commands to decrypt the key file:
i. Navigate to the <ThingWorx_Flow_Install_Location>.
ii. Run the following commands:
cd <ThingWorx_Flow_Install_Location>\cryptography\tw-security-common-nodejs
Windows: npm link or Linux: sudo npm link
iii. Run the following command to decrypt the keyfile-key to a temporary file:
node dist\PtcOrchKeyFileTool.js --secret <CONFIG_IMAGE value> --keyfile-location <ThingWorx_Flow_Install_Location>\misc\keyfile-key --plaintext <ThingWorx_Flow_Install_Location>\cryptography\keys.json --encrypted <ThingWorx_Flow_Install_Location>\cryptography\keys.enc decrypt
This command creates a new, decrypted keys.json file under the <ThingWorx_Flow_Install_Location>\cryptography\ folder.
iv. In the keys.json file, for the QUEUE.ADAPTERS.AMQP.CONFIG.credentials parameter, modify the value that appears after the ThingWorx Flow user name with the updated RabbitMQ password.
For example: "QUEUE.ADAPTERS.AMQP.CONFIG.credentials":"flowuser:7153f1145576c9d239db324581f6cadd"
, where flowuser is the ThingWorx Flow user name, and you need to replace 7153f1145576c9d239db324581f6cadd with your updated password.
v. Make a backup of the <ThingWorx_Flow_Install_Location>\cryptography\keys.enc file.
vi. Delete the <ThingWorx_Flow_Install_Location>\cryptography\keys.enc file.
vii. Run the following command to create the new encrypted keys.enc file:
node dist\PtcOrchKeyFileTool.js --secret <CONFIG_IMAGE value> --keyfile-location <ThingWorx_Flow_Install_Location>\misc\keyfile-key --plaintext <ThingWorx_Flow_Install_Location>\cryptography\keys.json --encrypted <ThingWorx_Flow_Install_Location>\cryptography\keys.enc encrypt
viii. Delete the decrypted keys.json file.
3. Follow the steps
here to set the
encrypt.queue.password value in the
ThingWorx Foundation keystore.
4. Restart the RabbitMQ, ThingWorx-Flow, and ThingWorx-Foundation services.