# MaxScale 22.08 Encrypting Passwords

## Encrypting Passwords

## Encrypting Passwords

**Note**: The password encryption format changed in MaxScale 2.5. All\
encrypted passwords created with MaxScale 2.4 or older need to be\
re-encrypted.

There are two options for representing the password, either plain text or\
encrypted passwords may be used. In order to use encrypted passwords a set of\
keys must be generated that will be used by the encryption and decryption\
process. To generate the keys, use the `maxkeys` command.

```
maxkeys
```

By default the key file will be generated in `/var/lib/maxscale`. If a different\
directory is required, it can be given as the first argument to the program. For\
more information, see `maxkeys --help`.

Once the keys have been created the `maxpasswd` command can be used to generate\
the encrypted password.

```
maxpasswd plainpassword
96F99AA1315BDC3604B006F427DD9484
```

The username and password, either encrypted or plain text, are stored in the\
service section using the `user` and `password` parameters.

If a custom location was used for the key file, give it as the first argument to`maxpasswd` and pass the password to be encrypted as the second argument. For\
more information, see `maxkeys --help`.

Here is an example configuration that uses an encrypted password.

```
[My-Service]
type=service
router=readconnroute
router_options=master
servers=dbserv1, dbserv2, dbserv3
user=maxscale
password=96F99AA1315BDC3604B006F427DD9484
```

If the key file is not in the default location, the [datadir](https://mariadb.com/kb/en/maxscale-2208-getting-started-mariadb-maxscale-configuration-guide/#datadir) parameter must be\
set to the directory that contains it.

CC BY-SA / Gnu FDL