# AES Two way password encoder ## AES Two way password encoder {% hint style="danger" %} The AES prefix is deprecated since version 2.11, use the AES2 prefix this prefix offers better cryptographic strength. Moving from AES to AES2 prefix requires you to re-generate the password strings. {% endhint %} ### Description The AES two-way password encoder plugin allows you to encrypt and decrypt passwords using a provided key string. ### Configuration The configuration of this encoder is for the whole Hop environment and can as such only be done using system properties. These properties are listed below and can also be specified as system properties with hop-run: * **`HOP_PASSWORD_ENCODER_PLUGIN`**: set this to the ID of this plugin: AES2 * **`HOP_AES_ENCODER_KEY`**: Specify the key to use to encode or decode passwords ### Noteworthy Please note that passwords are encoded with prefix `AES2` which is AES2 plus a space. This means that it’s different from standard, Hop encoded, passwords which have prefix `Encrypted` which is Encrypted plus a space. The consequence of this is that you need to encode passwords either one way or another. Mixing password encoding is not supported. ### Best practices Make sure to only use variables and parameters to specify passwords. Store the passwords in an environment using the projects plugin. This way you can store the passwords in a single file specific for the given environment (development, test, production, …​). Secure the passwords file. Even though passwords are encrypted it’s better to be safe than sorry. A password that can’t be read, encrypted or otherwise, can’t be seen in any way. So use appropriate file security on the file in which you eventually store the passwords. This advice is doubly true for the key. You can specify the key using a variable as well. ### Hop Encrypt You can test your setup by setting the variables in your environment and then by using hop-encrypt to see the output: ```highlight export HOP_PASSWORD_ENCODER_PLUGIN=AES2 export HOP_AES_ENCODER_KEY=ddsfsdfsfsdf sh hop-encrypt.sh -hop MyPassword222 AES2 696N5ATiXqU0AxdkLpN+UT67Ud5P6TMkq7OGSRc= ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.primeur.com/data-shaper-1.21/knowing-the-data-shaper-designer/passwords-and-password-plugins/aespasswords.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.