diff --git a/en/utilities/msencrypt.txt b/en/utilities/msencrypt.txt index fa94bb5a165..046bd735ddf 100644 --- a/en/utilities/msencrypt.txt +++ b/en/utilities/msencrypt.txt @@ -18,9 +18,9 @@ Purpose ----------------------------------------------------------------------------- Used to create an encryption key or to encrypt portions of connection -strings for use in mapfiles (added in v4.10). Typically you might -want to encrypt portions of the CONNECTION parameter for a database -connection. The following CONNECTIONTYPEs are supported for using +strings for use in Mapfiles (added in v4.10). Typically you might +want to encrypt portions of the ``CONNECTION`` parameter for a database +connection. The following ``CONNECTIONTYPEs`` are supported for using this encryption method: + :ref:`OGR ` @@ -49,15 +49,22 @@ Use in Mapfile ----------------------------------------------------------------------------- The location of the encryption key can be specified by two mechanisms, either by -setting the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive -in the MAP object of your mapfile. For example: +setting the variable ``MS_ENCRYPTION_KEY`` in the ``ENV`` section of the MapServer :ref:`Configuration `, or using a ``CONFIG`` directive +in the MAP object of your Mapfile. Prior to MapServer version 8.0 ``MS_ENCRYPTION_KEY`` could be set as an environment variable. + +For example you can add the following to your Mapfile: :: CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt" +.. note:: + + As of MapServer 8.4 this can be an absolute path, or a path relative to the Mapfile. + When setting in the :ref:`Configuration ` the path must be absolute. + Use the { and } characters as delimiters for encrypted strings inside database -CONNECTIONs in your mapfile. For example: +``CONNECTION``s in your Mapfile. For example: :: @@ -117,10 +124,10 @@ it in a second): 3656026A23DBAFC04C402EDFAB7CE714 -3. Edit the mapfile to make sure the 'mykey.txt' can be found, using +3. Edit the Mapfile to make sure the 'mykey.txt' can be found, using the "MS_ENCRYPTION_KEY" environment variable. The CONFIG parameter inside the MAP object can be used to set an environment variable - inside a mapfile: + inside a Mapfile: :: @@ -138,5 +145,5 @@ it in a second): CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password={3656026A23DBAFC04C402EDFAB7CE714} port=5432" -5. Done! Give your new encrypted mapfile a try with the +5. Done! Give your new encrypted Mapfile a try with the :ref:`map2img` utility!