securityUtility createLTPAKeys

The securityUtility createLTPAKeys command creates a set of LTPA keys for use by the server, or that can be shared with multiple servers. If no server or file is specified, an ltpa.keys file is created in the current working directory.

Usage example

Create LTPA keys with the mypassword password that is encrypted with Advanced Encryption Standard (AES) encryption:

securityUtility createLTPAKeys --password=mypassword --passwordEncoding=aes


Run the command from the path_to_liberty/bin directory.

securityUtility createLTPAKeys --password=pwd [options]

The LTPA keys password. If no value is specified, then you’re prompted for a value.


One or more optional parameters.


Option Description


The file in which to write the LTPA keys. This option can’t be used if the --server option is specified.


Specifies how to encode the LTPA keys password in the server.xml file. Supported encoding types are xor and aes. If this option isn’t specified, a default encoding type of xor is used.

You can use the securityUtility encode --listCustom command to see if any additional custom encryptions are supported.


Specifies the key to use to encode an LTPA keys password with AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. You can provide the key by defining the wlp.password.encryption.key variable as the key value. If this option isn’t specified, a default key is used.


Specifies the name of the Open Liberty server for which the LTPA keys are created. This option can’t be used if the --file option is specified.