What is the password hash format used in the exported XML configuration file?

LucasScharenbroich · ‎05-03-2017

I am trying to set up some preconfigured XML configuration files to support an automated deployment of ArcGIS Server (and Portal) that uses the /ACCOUNT=UseConfigFile /CONFIGPATH=my_config.xml installer command line options.

I have an XML file that I saved from a previous install and was hoping to use that as a template. However, the password field of the XML file appears to be stored as a base64-encoded hashed value. See examples below.

Is there any documentation on exactly how a password in encoded in this file?

Also related, the XML configuration file for Portal also encodes the password, but appears to use a different technique. Is there any documentation on the Portal configuration file as well?

If there is a different approach to setting up deployment configurations without having to store plain-text credentials, I'm open to suggestions.

Example ArcGIS Server XML config file

<ArcGISServerServiceUserName>domain\webgis</ArcGISServerServiceUserName>

<ArcGISServerServicePassword>AgAAADAAAAAuaGNuU2Niq1ZpNjY5MmNaWXZOc3ZjRHNSMEhIadpo2G5oWVNkbAgzVkxVN1V9KgA= </ArcGISServerServicePassword>

</ServerConfigurationUtility>

Example Portal XML config file

<UserName>domain\webgis</UserName>

</ConfigurationUtility>

JonathanQuinn · ‎05-03-2017

I can't imagine how to decrypt an encrypted password for a service account would ever be documented. If the password changes, you should create a new configuration file or use Chef where you can control the deployment of your site.

LucasScharenbroich · ‎05-03-2017

I'm not trying to decrypt an existing password.

I'm using DSC for the deployment (versus chef), and I want to take a known password and hash it into the correct format so that it can be used in the config.xml file during the ArcGIS Server installation.

Hopefully that makes things a bit clearer.