IBM WebSphere - Encode password using PropFilePasswordEncoder


Let's say you have your WebSphere admin password defined in plaintext in certain properties files, such as in the soap.client.props file.

com.ibm.SOAP.loginPassword=itsasecret

 

The PropFilePasswordEncoder.sh (Linux) or PropFilePasswordEncoder.bat (Windows) script can be used to XOR encode the password. Here is an example of how you would XOR encode the password in the soap.client.props file.

${WAS_INSTALL_ROOT}/profiles/your_profile/bin/PropFilePasswordEncoder.sh ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/soap.client.props com.ibm.SOAP.loginPassword

 

After the PropFilePasswordEncoder script completes, if you re-check the soap.client.props file, you should see something like this.

com.ibm.SOAP.loginPassword={xor}Gi16ABcdAApuAB=

 

It's important to recognize that this is "security through obscurity", which is not real security at all. The XOR-encoded password can easily be reverse engineered back to the original plaintext password.

The following Java command can then be used to decode the XOR passwords into cleartext.

java -classpath "/opt/WebSphere/AppServer/plugins/*:/opt/WebSphere/AppServer/lib/*" com.ibm.ws.security.util.PasswordDecoder '{xor}Gi16ABcdAApuAB='

 

Which should return something like this.

encoded password == "{xor}Gi16ABcdAApuAB=", decoded password == "itsasecret"
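The reversibility described above, as an added example (not part of the original article and not IBM's code): Python that assumes the {xor} scheme is a byte-wise XOR with the "_" character (0x5F) followed by base64, and uses it to audit a properties file for password values that are plaintext or only XOR-obfuscated. The sample file content, its encoded value, and the example.keystore.password key are constructed for illustration.

```python
import base64
import re

XOR_KEY = 0x5F  # assumption: "{xor}" XORs every byte with "_" and base64-encodes the result
PASSWORD_KEY = re.compile(r"password", re.IGNORECASE)


def xor_encode(cleartext: str) -> str:
    masked = bytes(b ^ XOR_KEY for b in cleartext.encode("utf-8"))
    return "{xor}" + base64.b64encode(masked).decode("ascii")


def xor_decode(value: str) -> str:
    """Undo the encoding; no secret is needed, which is why it is only obfuscation."""
    if not value.startswith("{xor}"):
        raise ValueError("not an {xor} value")
    masked = base64.b64decode(value[len("{xor}"):], validate=True)
    return bytes(b ^ XOR_KEY for b in masked).decode("utf-8")


def audit_props(text: str) -> list[tuple[str, str]]:
    """Classify every password-like property as 'plaintext', 'xor' or 'empty'."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue  # skip blanks, comments and lines without a key=value pair
        key, value = (part.strip() for part in line.split("=", 1))
        if not PASSWORD_KEY.search(key):
            continue
        if not value:
            state = "empty"
        elif value.startswith("{xor}"):
            state = "xor"  # recoverable by anyone who can read the file
        else:
            state = "plaintext"
        findings.append((key, state))
    return findings


# Constructed sample file; the encoded value is "itsasecret" under the assumed scheme.
SAMPLE_PROPS = """\
# constructed sample, password lines below
com.ibm.SOAP.loginPassword={xor}NissPiw6PC06Kw==
example.keystore.password=changeit
"""

if __name__ == "__main__":
    for key, state in audit_props(SAMPLE_PROPS):
        print(f"{state:9} {key}")
```

A property reported as xor is no better protected than one reported as plaintext, since anyone who can read the file can recover the value.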

 



