securityUtility createLTPAKeys

The securityUtility createLTPAKeys command creates a set of LTPA keys for use by the server, or that can be shared with multiple servers. If no server or file is specified, an ltpa.keys file is created in the current working directory.

Usage example

Create LTPA keys with the mypassword password that is encrypted with Advanced Encryption Standard (AES) encryption:

securityUtility createLTPAKeys --password=mypassword --passwordEncoding=aes


Run the command from the path_to_liberty/wlp/bin directory.

securityUtility createLTPAKeys --password=pwd [options]

The password for the LTPA key. If no value is specified, you’re prompted for a value. when you run this command.


Options for the securityUtility createLTPAKeys command
Option Description


The file in which to write the LTPA keys. This option can’t be used if the --server option is specified.


Specifies how to encode the LTPA keys password in the server.xml file. Supported encoding types are xor and aes. If this option isn’t specified, a default encoding type of xor is used.

You can use the securityUtility encode --listCustom command to see if any additional custom encryptions are supported.


Specifies the key to use to encode an LTPA keys password with AES encryption. This string is hashed to produce an encryption key that is used to encrypt and decrypt the password. You can provide the key by defining the wlp.password.encryption.key variable as the key value. If this option isn’t specified, a default key is used.


Specifies the name of the Open Liberty server for which the LTPA keys are created. This option can’t be used if the --file option is specified.

Exit codes

The following exit codes are available for the securityUtility createLTPAKeys command:

Exit codes for the securityUtility createLTPAKeys command
Code Explanation


0 indicates successful completion of the requested operation.


1 indicates a generic error.


2 indicates that the server is not found.


3 indicates that the client is not found.


4 indicates that the path can not be created.


5 indicates that the file already exists.