When viewing the seed file with the sm_edit utility, add the following line (including #) as the first line in the seed file to direct sm_edit to encrypt the authentication and privacy passwords in the file:

#<encrypted seed>:1.0:AUTHPASS,PRIVPASS

When you close the seed file, sm_edit will automatically encrypt the authentication and privacy passwords in the file.

To determine whether a password in a seed file has been encrypted, look for the prefix <E-1.0> in the password. If <E-1.0> is present, the password is encrypted; if <E-1.0> is not present, the password is plain text. Although seed files that contain plain-text passwords are supported, they are not recommended.

The sm_edit utility does not encrypt a password that is already encrypted, which is determined by the presence of the <E-1.0> prefix. Once a password is encrypted, you cannot use sm_edit to decrypt the password. If you want to change an encrypted password, you must delete the password, including the <E-1.0> prefix, type the new password, and then save the file.

During the installation of the IP Manager, the installation program uses the case-sensitive secret phrase Not a secret to create a secret key, which is to be used by sm_edit and other VMware Smart Assurance utilities to encrypt passwords. The secret phrase and secret key, themselves, are encrypted and stored in the BASEDIR/local/conf/imk.dat file. After the installation, an VMware Smart Assurance administrator should use the sm_rebond utility to change the secret phrase and secret key.

The VMware Smart Assurance System Administration Guide provides information about sm_rebond and VMware Smart Assurance encryption.