8 Replies Latest reply on Feb 7, 2012 10:56 AM by ataylor

Encrypting keystore password?

ned233 Feb 7, 2012 8:32 AM

I have successfully created an SSL acceptor (within JBoss AS 7.1), as follows:

<factory-class>org.hornetq.core.remoting.impl.netty.NettyAcceptorFactory</factory-class>

</acceptor>

As you can see, the key-store-password and trust-store-password are in clear text. My company has a policy against storing any passwords in files in clear text. Is there a way to encrypt these? Or is there a way I can extend the default acceptor class?

Thanks,

Ed Keen

1. Re: Encrypting keystore password?

ataylor Feb 7, 2012 9:08 AM (in response to ned233)

not as yet, but feel free to raise a jira request to get it done, even better, feel free to implement it and contribute back to the community
Actions
2. Re: Encrypting keystore password?

ned233 Feb 7, 2012 9:24 AM (in response to ataylor)

Thanks Andy. I created the following jira: https://issues.jboss.org/browse/HORNETQ-845
Actions
3. Re: Encrypting keystore password?

ned233 Feb 7, 2012 10:35 AM (in response to ned233)

Andy, in the meantime, is there a way to programmatically create a HornetQ acceptor? I would need to get a handle to the running HornetQ server's configuration, and then I could just add my acceptor that way, instead of putting it in the xml file.
Actions
4. Re: Encrypting keystore password?

ataylor Feb 7, 2012 10:37 AM (in response to ned233)

How are you deploying hornetq?
Actions
5. Re: Encrypting keystore password?

ned233 Feb 7, 2012 10:39 AM (in response to ataylor)

I'm deploying from within JBoss AS 7.1. So JBoss is actually starting HornetQ. I just need a handle to the configuration. Is that possible?
Actions
6. Re: Encrypting keystore password?

ataylor Feb 7, 2012 10:43 AM (in response to ned233)

its possible but not simplistic, you would have tou implement your own subsystem, inject the hornetqserver and before it starts update the config. shame 7.1.final is due for release today, if you had asked a week or so ago, we may have been able to get this in for you.
Actions
7. Re: Encrypting keystore password?

ned233 Feb 7, 2012 10:49 AM (in response to ataylor)

Thanks for the feedback, Andy. We are not planning on going live until 3rd quarter 2012. Do you think it is feasible that this issue would be addressed by then?
Actions
8. Re: Encrypting keystore password?

ataylor Feb 7, 2012 10:56 AM (in response to ned233)

that would depend on the AS7 time frame for their next release, fixing it in HornetQ should be pretty easy tho.
Actions

Go to original post