3.13.4. EncryptedSecret Previous topic Parent topic Child topic Next topic

EncryptedSecret is an optional parameter that enables encryption and decryption of Gossip messages. EncryptedSecret stores the key in an encrypted format and thus it is preferable to use it instead of Secret.
The format is n,{method}encrypted-value where:
  • n is key index. The valid values are from 1 and 65535. The key index cannot be 0, it is a reserved value and an error is logged if 0 is used.
  • method is the encryption method. Currently, there is one supported method, rcrypt
  • encrypted-value is the key encrypted with the encryption method
Using EncryptedSecret requires the following Perl modules:
  • Crypt::GCM
  • Crypt::Rijndael
CAUTION
If none of the EncryptedSecret parameters can be successfully parsed and decrypted, Gossip does not work and logs an error.
Here is an example of using EncryptedSecret:
<GossipUDP>
    # EncryptedSecret also works with GossipREDIS clause
    EncryptedSecret 1,{rcrypt}OjJXcK4bIA8sJERMzD2R0/Gx
    EncryptedSecret 2,{rcrypt}GyqZa52CYTRwsFqYQvsHNWbc
    EncryptedSecret 3,{rcrypt}I1vIkmow6FgLJyg5/pMfOOv2
</GossipUDP>