you can just use vault expression in place of secret value.
some thing along this lines:
for more info:
thanks for your answer. I already know the Vault feature for storing/securing the password on the file system in a secure way.
Although, my question was not how to store it securely on the file system, but how the password will be transmitted from slave to master host controller on the network.
I don't understand that? Is it done just plain or DIGEST or something else
1 of 1 people found this helpful
It is the server side of the configuration that decides if the password will be transmitted using Digest or Plain - in general our default preference is to always use Digest authentication but we fall back to Plain when the server side of the configuration does not supply the information needed for Digest.
Server side in order to use Digest we need to be able to access either the plain text password for the user or we need to access a pre prepared hash of their username and password with the realm - for configurations that can't supply either of these we then fall back to the Plain mechanism. In practice this means that we use Digest when the properties file is used but fall back to Plain when either Ldap or Jaas are used for the verification.
This week I am starting work on the following task to make it possible to plug in different stores so we don't need to rely on the JAAS integration that makes us fall back to Plain: -
There are a couple of slightly higher priority tasks I need to look at sooner but will also review for LDAP based authentication how we can implement a pass through digest mechanism against LDAP to again eliminate the plain text passwords: -