-
1. Re: How can we encrypt the management user ID
jbertram Apr 16, 2014 10:58 AM (in response to bresnicow)I'm not clear on what userid you talking about here. Is this something specific to HornetQ or more generally applicable to WildFly?
-
2. Re: How can we encrypt the management user ID
bresnicow Apr 16, 2014 12:39 PM (in response to jbertram)This is about Wildfly security. I'm referring to the user id in the management-users.properties file. It stores the user name and the hashed password. We want to keep the user name hidden as well as the password. I dont see any documented way of doing this. It does mention use of a truststore, i think as an alternative to using the properties file, could that be used to store user and password. Or perhaps could the vault be used ?
If no existing option exists, could someone point me to the code where the management-users file is handled, maybe we could custom code a solution there.
thanks!
-
3. Re: How can we encrypt the management user ID
jbertram Apr 16, 2014 12:43 PM (in response to bresnicow)I moved this thread from the HornetQ forum to the WildFly forum since your question is about WildFly specifically and not HornetQ.
-
4. Re: How can we encrypt the management user ID
dlofthouse Apr 16, 2014 1:03 PM (in response to jbertram)If you want to consider alternative storage options please see the following documentation on how to create your own plug-ins: -
https://docs.jboss.org/author/display/WFLY8/Plug+Ins
Should point out that unless you are doing something fairly advanced and delegating this to something outside the server you are using to run WildFly then at best you are most likely to achieve obfuscation as you will most likely still end up with everything accessible to the wildfly process needed to reverse the encryption. In addition to this the username is also freely logged in both audit and debug logs.
-
5. Re: How can we encrypt the management user ID
bresnicow Apr 17, 2014 11:00 AM (in response to dlofthouse)Thanks, that looks like a possible solution but complicated.
I identified the class that reads mgmt-users.properties file to be as.domain.management.security.PropertiesFileLoader. Not sure yet where the file is created from.
Does JBoss provide a way to encrypt/decrypt files? If so, I could hook that into the PropertiesFileLoader.
-Bill R