- 
        1. Re: AS7: Sensitive Attributes Masking
           anil.saldhana Aug 31, 2011 3:05 PM (in response to anil.saldhana)

           The security schema in AS7.1 has a new vault element that can be used to configure the attribute vault. An offline tool is needed to interact with the vault to store the attributes. The AS is supposed to be a read only customer of the vault. The proposal is to create bin/vault.sh (vault.bat) to interact with the default implementation of the vault.
- 
        2. Re: AS7: Sensitive Attributes Masking
           anil.saldhana Sep 20, 2011 5:25 PM (in response to anil.saldhana)

               **********************************
               **** JBoss Vault ********
               **********************************
               Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
               0
               Starting an interactive session
               Enter directory to store encrypted files (end with either / or \ based on Unix or Windows:/home/anil/vault/
               Enter Keystore URL:/home/anil/vault/vault.keystore
               Enter Keystore password:
               Enter Keystore password again:
               Password match
               Enter 8 character salt:12345678
               Enter iteration count as a number (Eg: 44):50

               Please make note of the following:
               ********************************************
               Masked Password:MASK-5WNXs8oEbrs
               salt:12345678
               Iteration Count:50
               ********************************************

               Enter Keystore Alias:vault
               Sep 20, 2011 4:23:40 PM org.jboss.security.vault.SecurityVaultFactory get
               INFO: Getting Security Vault with implementation of org.picketbox.plugins.vault.PicketBoxSecurityVault
               Obtained Vault
               Intializing Vault
               Vault is initialized and ready for use
               Handshake with Vault complete
               Please enter a Digit:: 0: Store a password 1: Check whether password exists 2: Exit
               0
               Task: Store a password
               Please enter attribute value:
               Please enter attribute value again:
               Password match
               Enter Vault Block:messaging
               Enter Attribute Name:pass
               Attribute Value for (messaging, pass) saved
               Please enter a Digit:: 0: Store a password 1: Check whether password exists 2: Exit
               1
               Task: Verify whether a password exists
               Enter Vault Block:messaging
               Enter Attribute Name:pass
               A value exists for (messaging, pass)
               Please enter a Digit:: 0: Store a password 1: Check whether password exists 2: Exit
               2
- 
        3. Re: AS7: Sensitive Attributes Masking
           dimonv Dec 19, 2011 4:28 AM (in response to anil.saldhana)

           Hi all,

           I'm currently trying to apply vault for DataSource's password in JBoss AS 7.1.0.Beta1 as described in Wiki http://community.jboss.org/wiki/JBossAS7SecuringPasswords but it doesn't work. I get the following exception:

               10:23:41,265 ERROR [org.jboss.as.controller] (ServerService Thread Pool -- 47) JBAS014612: Operation ("enable") failed - address: ([ ("subsystem" => "datasources"), ("data-source" => "java:jboss/jdbc/MSSQLDataSource-PROD") ]): java.lang.SecurityException: org.jboss.security.vault.SecurityVaultException: PB00027: Vault Mismatch:Shared Key does not match for vault block:MSSQLDataSource and attributeName:password
                   at org.jboss.as.server.services.security.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:98) [jboss-as-server-7.1.0.Beta1.jar:]
                   at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45) [jboss-as-server-7.1.0.Beta1.jar:]
                   at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:58) [jboss-as-controller-7.1.0.Beta1.jar:]
                   ...

           My configuration: I put vault configuration in standalone in the server scope:

               <vault>
                   <vault-option name="KEYSTORE_URL" value="C:/eplatform/jboss/AS-7.0/standalone/configuration/vault.keystore"/>
                   <vault-option name="KEYSTORE_PASSWORD" value="MASK-8mj0bd6g0iq"/>
                   <vault-option name="KEYSTORE_ALIAS" value="vault"/>
                   <vault-option name="SALT" value="12345678"/>
                   <vault-option name="ITERATION_COUNT" value="42"/>
                   <vault-option name="ENC_FILE_DIR" value="C:/eplatform/jboss/AS-7.0/standalone/data/"/>
               </vault>

           and the DataSource's password value:

               <password>
                   ${VAULT::MSSQLDataSource::password::MmUxNzU1MjgtYWM1Mi00MzZmLThlZTctZGIxNzE4ZGQ3ZWZlTElORV9CUkVBS3ZhdWx0}
               </password>

           Thanks and regards
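A defensive check for the configuration discussed in this thread, as an added example (not code from the posters or from JBoss): it lints a standalone.xml-style document against the constraints the vault tool's prompts state (8-character salt, numeric iteration count, encrypted-file directory ending in / or \), flags `<password>` elements that are not VAULT expressions, and returns the (block, attribute) pairs to confirm with the tool's "Check whether password exists" option. The function names, the sample document, and treating all six options and the MASK- prefix as required are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the configuration posted above (all values made up).
SAMPLE = """<server>
  <vault>
    <vault-option name="KEYSTORE_URL" value="/opt/jboss/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-EXAMPLE"/>
    <vault-option name="SALT" value="1234567"/>
    <vault-option name="ITERATION_COUNT" value="42"/>
    <vault-option name="ENC_FILE_DIR" value="/opt/jboss/data"/>
  </vault>
  <password>${VAULT::MSSQLDataSource::password::SHAREDKEY}</password>
  <password>s3cret</password>
</server>"""

REQUIRED = ("KEYSTORE_URL", "KEYSTORE_PASSWORD", "KEYSTORE_ALIAS",
            "SALT", "ITERATION_COUNT", "ENC_FILE_DIR")
VAULT_REF = re.compile(r"\$\{VAULT::([^:}]+)::([^:}]+)::[^}]*\}")

def local(el):  # tag name without its XML namespace, if any
    return el.tag.split("}")[-1]

def lint_vault(xml_text):
    """Return (findings, vault_refs) for a standalone.xml-style document."""
    root = ET.fromstring(xml_text)
    findings, refs = [], []
    opts = {o.get("name"): o.get("value", "")
            for v in root.iter() if local(v) == "vault" for o in v}
    findings += [f"missing vault-option {n}" for n in REQUIRED if n not in opts]
    if "SALT" in opts and len(opts["SALT"]) != 8:
        findings.append("SALT is not 8 characters")
    if "ITERATION_COUNT" in opts and not opts["ITERATION_COUNT"].isdigit():
        findings.append("ITERATION_COUNT is not a number")
    if "KEYSTORE_PASSWORD" in opts and not opts["KEYSTORE_PASSWORD"].startswith("MASK-"):
        findings.append("KEYSTORE_PASSWORD is not a MASK- value")
    if "ENC_FILE_DIR" in opts and not opts["ENC_FILE_DIR"].endswith(("/", "\\")):
        findings.append("ENC_FILE_DIR does not end with / or \\")
    for el in (e for e in root.iter() if local(e) == "password"):
        text = (el.text or "").strip()
        match = VAULT_REF.search(text)
        if match:  # record (block, attribute) so it can be checked in the tool
            refs.append(match.groups())
        elif text:
            findings.append("plaintext <password> value, not a VAULT expression")
    return findings, refs

if __name__ == "__main__":
    print(lint_vault(SAMPLE))
```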
- 
        4. Re: AS7: Sensitive Attributes Masking
           dimonv Dec 20, 2011 11:06 AM (in response to dimonv)

           Hi,

           I found out the origin: I had to complete the expression for password with a semicolon (;).

           But now I have another issue. At the moment I put <vault> config into server scope.

               ...
               </extensions>
               <vault>
                   ...
               </vault>
               <management>
               ...

           The server starts up, vault is initialized and the DS password is decrypted; everything works. But JBoss configuration is dumped back to standalone.xml and <vault> disappears:

               <vault/>

           Where shall I put <vault> configuration?

           Thanks
 
    