There are lots of scripts online that show you how to decrypt WebLogic passwords. Some work on different versions of the product but not others. Here's the simplest, most straightforward approach to decrypting passwords in Oracle WebLogic Server 12c.

This has been tested on Oracle WebLogic Server 12.1.3 and 12.2.1.

Location of AES Encrypted Passwords

Passwords are mainly located in configuration files here:


Decrypt WebLogic Passwords

1. Get the password you would like to decrypt (in AES format). For example:

cd /u01/app/oracle/middleware/user_projects/domains/wl_domain/config
cat config.xml | grep AES

2. Run WLST:

cd /u01/app/oracle/middleware/oracle_common/common/bin

3. Set the domain and decrypt the password:

domain = "/u01/app/oracle/middleware/user_projects/domains/wl_domain"
service =
encryption =
print encryption.decrypt("{AES}nFIptO4HdY8fxSgLjrS8ZNqsVlcB2zQZzYJQ9o7AbJU=")

Enter the domain name, and paste the entire {AES} password as shown.