After changing the DB password of the RSSO database user; how can one encrypt the password and modify the RSSO configuration so this new password is used?

Reference document to determine a new encryption key.
https://docs.bmc.com/docs/rsso/2002/configuring-after-installation-908954432.html

One must change the encryption key after upgrading BMC Remedy SSO and use it to encrypt the database password again. Perform the following steps to change the encrypt key and re-encrypt the password.

1. Determine the new encryption key.

2. Run the following command to obtain a new password for the database user.

   java -jar rsso-ds-<RSSO_version>.jar <password> <new-key> where, * <password>: Is the unencrypted password of the database user. * <new-key>: Is the new encryption key.  You can use existing value of the key from a file 'rsso.key' from '<tomcat>\webapps\rsso\WEB-INF\classes' folder.  When using the value, don't include 'key=' in  the command parameter, just its value   * rsso-ds-<RSSO_Version>.jar: Can be found in the <tomcat>/webapps/rsso/WEB-INF/lib folder.

   
   Picture of the actual command at Windows prompt.  You can ignore the Logger warning message seen in the below screenshot.  Encrypted text of the new password is displayed at the last line of the command output, as can be seen in the below screenshot.
   
   
   
    

3. For each BMC Remedy SSO server in the cluster, perform the following steps:

   1. Modify the rsso.key file in the <tomcat>/webapps/rsso/WEB-INF/classes folder.

   2. Change existing line key=<old-key> to key.old=<old-key>, where <old-key> is the current key in rsso.key file.

   3. Add a new line key=<new-key>, where <new-key> is the new key to be applied.

   4. Modify the context.xml file in <tomcat>/webapps/rsso/META-INF folder.

   5. Update the password field as password="AES:<encrypted-password>", where <encrypted-password> is the encrypted password obtained in Step 2.

4. Log in to the Admin console of BMC Remedy SSO.

5. On the General tab, click Save without making any change.

6. Click the Realm tab.

7. Edit each realm and click Save without making any change.

8. For each BMC Remedy SSO server, remove the old encryption key from the rsso.key file in the <tomcat>/webapps/rsso/WEB-INF/classes folder.

Note that there is no need to restart the BMC Remedy SSO server after you change the encryption key.

Once the new password has been encrypted, follow the docs to add this to the configuration for RSSO.

RSSO should now be able to connect to the database successfully.

Note 1: Using Linux OS you may need to add single quotes around the new password and encryption key for the command to run successfully:
java -jar rsso-ds-<version>.jar 'newpassword' 'encryptionstring'

Note 2: For testing, a plain-text password can be used directly in the context.xml page.

Note 3: In one use-case, the above instructions were used but the RSSO user account was still getting locked out of the database.  In this use-case, it was found that an rsso.old sub-directory had been created under the Tomcat path: /opt/apache/latest/webapps.  Once the rsso.old sub-directory had been removed and Tomcat restarted, the RSSO user account no longer locked out the connection to the RSSO database.