Skip to main content

Defining a new ActiveMQ Password

The ActiveMQ cxuser account password is stored in the Checkmarx SAST 9.0 Database. To change the default password, the encryption secret must be changed as well. To change the password and the encryption secret, follow the instructions below.

1. Open MSSQL Server Management Studio.

2. Connect to the SQL server.

3. Go to6436182286.png Databases > 6436182289.png CxDB > 6436182286.png Tables.


4. Under 6436182286.png Tables, navigate to [CxDB].[dbo].[CxComponentConfiguration].

5. Enter the desired AMQ password (for example MyPassword ) in plain text as follows:

  • Update [CxDB].[dbo].[CxComponentConfiguration] set [Value] = ‘MyPassword’ where [Key] = 'MessageQueuePassword'.

  • Restart the IIS Service and browse to the Checkmarx portal to force the clear text password to be encrypted.

  • Enter cmd in the Windows search field to open the command prompt.

  • Change the value of environment variable ACTIVEMQ_ENCRYPTION_PASSWORD to the desired secret in plain text (for example CxSecret ):




After setting a new environment variable, it is best to restart your machine in order to make sure that ActiveMQ process will load the new value.

6. Run the standard ActiveMQ utility to encrypt the secret by using the previously selected password:

> cd <Checkmarx Install Folder>\Checkmarx ActiveMQ\bin > activemq encrypt --password CxSecret --input MyPassword

7. Copy the encrypted password from the output (yellow fonts in the example below).


8. Navigate to C:\Program Files\Checkmarx\Checkmarx ActiveMQ\conf\

9. Open and edit the password variable by changing the value between the brackets () to the new encrypted text.

10. Restart Checkmarx ActiveMQ service .

11. Navigate to table: [Config].[CxEngineConfigurationKeysMeta]

12. Update the AMQ password for the Engine configuration as follows:

Update [CxDB].[Config].[CxEngineConfigurationKeysMeta] set [DefaultValue] = (SELECT TOP 1 [Value] FROM [CxDB].[dbo].[CxComponentConfiguration] where [Key] = 'MessageQueuePassword') where [KeyName]='MESSAGE_QUEUE_PASSWORD'

To update the new AMQ password in the environment variables:

1. Retrieve the new encrypted password:

SELECT TOP 1 [Value] FROM [CxDB].[dbo].[CxComponentConfiguration] where [Key] = 'MessageQueuePassword'

2. Set environment variables

setx MessageQueuePassword <retrieved_password> /m setx CX_ES_MESSAGE_QUEUE_PASSWORD <retrieved_password> /m

3. Restart the Checkmarx Services (+ CxEngineService)

CXSAST Linux Server (9.3 and up)

1. Replace the password in the container environment file - server.env (provided with the package)


2. Recreate the container in order to update the new AMQ password environment variable - run the "" script (supplied within the package)

Multiple engines: Copy and paste the updated server.env file to the relevant Linux engine servers and recreate the containers in order to update the new AMQ password environment variable.