Obfuscating Passwords

As a system administrator, you define the user name and password for database connection in the [ODBC] section of the INI files of the Automation Engine and the Utilities.

Make sure that the password is obfuscated. To do so, you can use UCYBCRYP.EXE, which is located in the Tools > encrypt folder of your installation directory.


  • Obfuscating passwords hinders easy disclosure of the values but does not guarantee confidentiality.

  • The password length is limited to 32 characters.

Use the following parameters to enter the program via the command line:

UCYBCRYP[.EXE] -p -n Password

The PASSWORD.UCC file, which contains the obfuscated password, is created in the same directory. You can copy it to the relevant INI file.


ucybcryp -p -n uc4

Important! An obfuscated password is generated with two leading dashes ( ––10). In Windows, if the content of the PASSWORD.UCC file is output with the command TYPE, two exclamation marks are displayed instead of the leading hyphens; therefore, make sure to copy the password from the file. However, if the obfuscated password is not recognized correctly and you get an error message, try typing in the two leading dashes manually.

UTF-8: Handling Obfuscated Passwords

The introduction of Unicode support also has an impact on how the system handles new and already obfuscated passwords.

A new password entered in clear text, for example, through PromptSets or while creating a CONN, LOGIN, or USER object, and so on is obfuscated on the fly and stored in the AE database. The clear text password is interpreted as UTF-8 encoded text.

Important! In AWI, input fields that allow you to set a password are restricted to the character encoding allowed in the XML Parameters of the UC_SYSTEM_SETTINGS variable, see XML Parameters.

Obfuscated passwords are generated with two leading dashes, but, in previous versions, they use to have two leading hyphens. To ensure compatibility, the Automic Automation components that process obfuscated password can handle both formats.

When an obfuscated password is imported, the system automatically converts it so that it can be handled as UTF-8 encoded.

See also: