Modifying the database connection user/password via the json file in Ignition 8.3

mrupperman · February 21, 2026, 10:46pm

I am hoping to automate the install of Ignition, including creating a unique SQL Server local user per instance. I have the password securely stored within our backend, however through automation I will be retrieving it and then adding it to the config.json for the database connection. In this file, I see under the password section there are the following fields:

ciphertext
encrypted_key
iv
protected
tag

I assume this do what I need, however Im not sure how to do this. Lets say I have a plain text password and need to encrypt it in a format that I can add to this file that then Ignition can decrypt to create the connection. How would I go about this? Thanks!

Kevin.Herron · February 21, 2026, 10:49pm

You would need to have an API token and then call this endpoint to create an encrypted secret: http://localhost:8088/openapi#tag/encryption/paths/~1data~1api~1v1~1encryption~1encrypt/post

mrupperman · February 21, 2026, 11:08pm

Thanks. I will test this out, but also wondering if there is a library on the server that can be utilized, such as one of the .py files, vs calling the web url? The automation will be running on the same server Ignition is installed on. Also if using the api key approach, just add that to a post body?

pturmel · February 21, 2026, 11:34pm

Jython system calls to use the web api from the "inside" have been announced and are supposedly coming later this year.

mrupperman · February 21, 2026, 11:45pm

Ok .. Im trying to test out the api approach but I cant seem to format the api key correctly. Its a post message right? Ive tried to pass in as header, in the body and as a api token, but I always get 401?

mrupperman · February 22, 2026, 12:18am

I got this to work, but only when the Gateway Write Permissions are set to public, everything else gets a 401 on this url.

Kevin.Herron · February 22, 2026, 1:03am

Your API key needs write permissions to do pretty much anything AFAIK.

mrupperman · February 22, 2026, 1:23am

Yeah I can only get the API to work with write set to public. I cant seem to auth with the api key. What format does it need passed in?

Kevin.Herron · February 22, 2026, 1:24am

Not sure what you mean by auth.

The API key is passed in an X-Ignition-API-Token header.

This is the original post detailing how to set up API access: Ignition 8.3 API Usage Guide (via Postman)

Some docs here:

Not super clear about the write access in docs though.

mrupperman · February 22, 2026, 1:50am

Yeah Ive tried most of what is in these docs and I keep getting a 401. Ive tried in Powershell, Curl and Postman with all same results. From everything I can I have this set up correctly. Ive tried several variations of including the key, such as a param and as a header.

Powershell

$headers = @{

    "X-Ignition-API-Token" = "<api key>"
}

$test = Invoke-WebRequest -Uri "https://hostname/data/api/v1/encryption/encrypt" `

                  -Method POST `

                  -Headers $headers `

                  -Body '{"data":"testtest"}' `

                  -ContentType "application/json"

Kevin.Herron · February 22, 2026, 2:04am

Are you including the name portion of the API key you generated?

They look something like "MyKey:abcd1234..." and you need to include all of it, not just the stuff after the name.

When I set up my API keys I've always made sure the "API" security level I create had read, write, and access permissions, not just write... maybe that matters, though this endpoint in particular does require write access so not sure that's relevant.