Decrypt Weblogic passwords

How to decrypt passwords stored by Weblogic

If you ever forget your DB password, Weblogic server password or any other credentials that was entered in the Weblogic console, there is an easy way to get it decrypted using Weblogic scripting.

Encrypted passwords for data-sources can be found under $DOMAIN_HOME/config/jdbc folder.

e.g., 
<password-encrypted>{AES}ceBOdxgwjj3c7VLVSEqsHlAtWU7ov80fOXqgJpg6YIE=</password-encrypted>

Create a new file decrypt.py with the below content and run it as follows

wlst.sh decrypt.py $DOMAIN_HOME $ENCRYPTED_PASSWORD

e.g.,

/fmw/middleware/wlserver_10.3/common/bin/wlst.sh /users/pras/work/decryptPassword.py /fmw/middleware/user_projects/domains/basedomain "{AES}V4KtKYakcSNzIYf6ER4NlPn1234C9RbDzyqbdy0Vec="

File: decrypt.py 

import os
import weblogic.security.internal.SerializedSystemIni
import weblogic.security.internal.encryption.ClearOrEncryptedService

def decrypt(domainHomeName, encryptedPwd):
    domainHomeAbsolutePath = os.path.abspath(domainHomeName)
    encryptionService = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domainHomeAbsolutePath)
    ces = weblogic.security.internal.encryption.ClearOrEncryptedService(encryptionService)
    clear = ces.decrypt(encryptedPwd)
    print "RESULT:" + clear


try:
    if len(sys.argv) == 3:
        decrypt(sys.argv[1], sys.argv[2])
    else:
        print "INVALID ARGUMENTS"
        print " Usage: java weblogic.WLST decryptPassword.py  "
        print " Example:"
        print " java weblogic.WLST decryptPassword.py D:/Oracle/Middleware/user_projects/domains/base_domain {AES}819R5h3JUS9fAcPmF58p9Wb3syTJxFl0t8NInD/ykkE="
except:
    print "Unexpected error: ", sys.exc_info()[0]
    dumpStack()
    raise