The fglpass tool allows you to encrypt passwords.


fglpass [options]
  1. options are described in fglpass options.


Table 1. fglpass options
Command Description
-V Displays version information of the tool.
-Vssl Displays OpenSSL version.
-h Displays options for the tool.
-e Encrypt the password with a RSA key or certificate and encode it in BASE64 form.
-d Decode the BASE64 form of the password and decrypt it with a RSA private key.
-w cert Windows® certificate name to encrypt the password (Windows only)
-c cert File of the PEM-encoded certificate to encrypt the password.
-k key File of the PEM-encoded private key to encrypt or decrypt the password.
-enc64 file File to be BASE64 encoded (result to stdout)
-dec64 file BASE64 encoded file to be decoded (result to stdout)
-agent:port files Start password agent on specified port to serve the list of private key files.
-gid When executing fglpass in agent mode (with -agent option), allows authentication to be performed for all users belonging to the group of current users executing the command.

This option requires the FGLPROFILE entry security.global.agent.gid=true for fglrun.


The fglpass command line tool allows you to:
  • Encrypt a password using a RSA key or X.509 certificate and encode it in BASE64 form.
  • Run a password agent that returns (in a protected way) the passwords that grant access to the different private keys used in all your applications.
  • Encode a file in BASE64 form and decode it back.

For security reasons, it is recommended to avoid storing clear passwords in a file, or leave private keys unprotected without a password. The fglpass command can be used to encrypt passwords.