In newer versions (2.5.xx ) of grouperClient.jar, it doesn’t look like the “encrypt.key” parameter is recognized if the value for GROUPER_CLIENT_WS_PASSWORD is set to the path of the file with the encrypted password. It results in the following error:
 
 

 Error with grouper client, check the logs: Property encrypt.key in properties file: grouper.client.properties, has a blank value, it is required 

Jul 08, 2021 10:13:02 AM edu.internet2.middleware.grouperClient.GrouperClient main 

SEVERE: Property encrypt.key in properties file: grouper.client.properties, has a blank value, it is required java.lang.RuntimeException: Property encrypt.key in properties file: grouper.client.properties, has a blank value, it is required

at edu.internet2.middleware.grouperClient.config.ConfigPropertiesCascadeBase.propertyValueStringHelper(ConfigPropertiesCascadeBase.java:496)

...

...

 
 
 
The way to reproduce the error is as follows:
 

$ export GROUPER_CLIENT_WS_URL=https://grouper_web_server_address/grouper-ws/servicesRest 

$ export GROUPER_CLIENT_WS_LOGIN=login_username 

$ export GROUPER_CLIENT_WS_PASSWORD=/full/path/to/encrypted/password/file

• set the “encrypt.key” property in grouper.client.properties to the full path of the encryption key file
   

  $ java -jar grouperClient.jar --operation=getMembersWs --groupNames=PATH:TO:GROUPER:GROUP

   
  The command works if the GROUPER_CLIENT_WS_PASSWORD is set to the actual password value instead, which of course is a security risk. This was encountered when running grouperClient on linux and MacOS (Catalina and Big Sur) hosts, with openjdk 11.0.2. It hasn’t been tried on a windows host. 
  I suspect the same may be true if GROUPER_CLIENT_LDAP_PASSWORD is set to a path instead of the actual password.