[MQ 9.3.0 Jun 2022][UNIX, Linux, Windows, IBM i]

runmqicred (protect IBM MQ client passwords)

The runmqicred command protects passwords that are used by the IBM® MQ client libraries. For example, the TLS keystore password. It is also used to protect passwords that are used to protect log replication traffic for Native HA configurations.

Purpose

The runmqicred command prompts for the password to be encrypted to be entered. The initial key that is used to encrypt the password can be specified in a file. The path to the file that contains the initial key is specified by using one the following options, in order of priority:
  1. The -sf parameter to the runmqicred command.
  2. The MQS_MQI_KEYFILE environment variable.
If the initial key file is not specified by using either of these options, a default initial key is used to encrypt the password.
Attention: Do not use the default initial key as it does not protect passwords securely.

After the password is encrypted, runmqicred displays the encrypted password string.

Store the encrypted password in the appropriate property.
  • For IBM MQ clients, store the encrypted password in either the appropriate property of the mqclient.ini file, or the MQKEYRPWD environment variable.
  • [MQ 9.3.2 Feb 2023]For Native HA configurations, store the encrypted password in the appropriate property of the NativeHALocalInstance stanza of the qm.ini file.

Syntax

Read syntax diagramSkip visual syntax diagram runmqicred -sfkeyfile-spprotection_mode

Optional Parameters

-sf keyfile
The path to the file that contains the initial key that is used to encrypt the password. If specified, the file must contain at least one character, and only one line.
If this parameter is not specified, a default initial key is used.
-sp protection_mode
The password protection mode to be used by the command. One of the following values can be specified:
1
Use the IBM MQ 9.2.0 password protection algorithm.
2
Use the latest password protection mode. This mode is the most secure credentials protection method.
This value is the default.

Examples

>runmqicred
5724-H72 (C) Copyright IBM Corp. 1994, 2026.
Credentials are encrypted using the default encryption key. For more secure
protection of stored credentials, use a custom, strong encryption key.Enter password:
*******
<MQI>!2!+uIepF0e7O/R7CUCe/46ToTo5MucJCWgLZKCSYwLix4=!+6AG1pYrphCo/dlfSt8N3g====
>runmqicred -sf InitialKey.file
5724-H72 (C) Copyright IBM Corp. 1994, 2026.
Enter password:
*******
<MQI>!2!STHVy96FWSEwPkwNQfR2Nuoe6/uWl/EAqqylOjav9qs=!l+2y9yB/SjpzssrpGd+wJw======

Return codes

0
Command completed successfully.
1
Command completed unsuccessfully.