# Encrypting Passwords

**Note**: The password encryption format changed in MaxScale 2.5. All encrypted passwords created with MaxScale 2.4 or older need to be re-encrypted.

The password can be represented in one of two ways: as plain text or as an encrypted password. To use encrypted passwords, first generate the set of keys that the encryption and decryption process will use. To generate the keys, use the `maxkeys` command.

```
maxkeys
```

By default the key file will be generated in `/var/lib/maxscale`. If a different directory is required, it can be given as the first argument to the program. For more information, see `maxkeys --help`.

Once the keys have been created, the `maxpasswd` command can be used to generate the encrypted password.

```
maxpasswd plainpassword
96F99AA1315BDC3604B006F427DD9484
```

The username and password, either encrypted or plain text, are stored in the service section using the `user` and `password` parameters.

If a custom location was used for the key file, give it as the first argument to `maxpasswd` and pass the password to be encrypted as the second argument. For more information, see `maxkeys --help`.

Here is an example configuration that uses an encrypted password.

```ini
[My-Service]
type=service
router=readconnroute
router_options=master
servers=dbserv1, dbserv2, dbserv3
user=maxscale
password=96F99AA1315BDC3604B006F427DD9484
```

If the key file is not in the default location, the [datadir](https://mariadb.com/docs/maxscale/maxscale-management/deployment/installation-and-configuration/maxscale-configuration-guide) parameter must be set to the directory that contains it.
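
The following script is an added example, not part of the MaxScale documentation or code base. It audits a configuration for sections whose `password` is still stored as plain text. It assumes an encrypted value is an even-length hexadecimal string like the `maxpasswd` output above; `SAMPLE_CNF`, its `My-Monitor` section and the `audit_passwords` function are constructed for illustration.

```python
import configparser
import re

# Assumption: an encrypted value is an even-length string of hex digits, like the
# maxpasswd output shown above. Limitation: a plain-text password that happens to
# be all hex digits (e.g. "deadbeef") is reported as encrypted.
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")

# Constructed sample configuration (not from a real deployment).
SAMPLE_CNF = """
[My-Service]
type=service
router=readconnroute
router_options=master
servers=dbserv1, dbserv2, dbserv3
user=maxscale
password=96F99AA1315BDC3604B006F427DD9484

[My-Monitor]
type=monitor
module=mariadbmon
servers=dbserv1, dbserv2, dbserv3
user=monitor_user
password=s3cret%pw

[dbserv1]
type=server
address=192.0.2.10
"""

def audit_passwords(cnf_text):
    """Return {section: 'encrypted' | 'plaintext' | 'empty'} for sections with a password."""
    # interpolation=None: '%' is common in passwords and must not be expanded.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(cnf_text)
    findings = {}
    for section in parser.sections():
        value = parser.get(section, "password", fallback=None)
        if value is None:
            continue  # section has no password parameter (e.g. a server definition)
        value = value.strip()
        if not value:
            findings[section] = "empty"
        else:
            findings[section] = "encrypted" if HEX_RE.match(value) else "plaintext"
    return findings

if __name__ == "__main__":
    for section, status in audit_passwords(SAMPLE_CNF).items():
        print(f"[{section}] password: {status}")
```
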

<sub>*This page is licensed: CC BY-SA / Gnu FDL*</sub>

