5 Replies Latest reply on Feb 27, 2015 11:04 AM by jbosspadawa

    Encrypting HornetQ pooled-connection credentials

    jbosspadawa

      I have the following pooled connection factory configured in HornetQ within a WildFly profile. Remote JMS connections work great. I need to find a way to encrypt the password so it is not in plain text. I have successfully encrypted passwords on data sources by using PicketBox with security domains. Is there a similar way to accomplish this in the HornetQ configuration within a WildFly profile? I will also need to do this for the HornetQ cluster user and password.

       

       

        <pooled-connection-factory name="hornetq-ra">
            <transaction mode="xa"/>
            <user>superuser</user>
            <password>overlycomplicatedpassword</password>
            <connectors>
                <connector-ref connector-name="remote-connectio-to-q-1"/>
            </connectors>
            <entries>
                <entry name="java:/JmsXA"/>
                <entry name="java:jboss/DefaultJMSConnectionFactory"/>
            </entries>
            <ha>true</ha>
        </pooled-connection-factory>

      Thanks for your help.

        • 1. Re: Encrypting HornetQ pooled-connection credentials
          jbertram

          I believe you can use a "vault" to mask arbitrary configuration properties.  See Masking passwords for WildFly using non-interactive VaultTool for more info.

          • 2. Re: Encrypting HornetQ pooled-connection credentials
            jbosspadawa

            Ok, I followed the instructions and I was able to create the vault using the keytool and inserted my password using the vault.sh. Now my problem is when I add the <vault> tag between the extensions and management tags, I get an error when I restart the domain controller:

             

            [Host Controller] 16:22:25,589 ERROR [org.jboss.as.host.controller] (Controller Boot Thread) JBAS010932: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014676: Failed to parse configuration
            [Host Controller]       at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:112) [wildfly-controller-8.1.0.Final.jar:8.1.0.Final]
            [Host Controller]       at org.jboss.as.host.controller.DomainModelControllerService.boot(DomainModelControllerService.java:509) [wildfly-host-controller-8.1.0.Final.jar:8.1.0.Final]
            [Host Controller]       at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:256) [wildfly-controller-8.1.0.Final.jar:8.1.0.Final]
            [Host Controller]       at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_67]
            [Host Controller] Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[34,1]
            [Host Controller] Message: JBAS014789: Unexpected element '{urn:jboss:domain:2.1}vault' encountered
            [Host Controller]       at org.jboss.as.controller.parsing.ParseUtils.unexpectedElement(ParseUtils.java:85) [wildfly-controller-8.1.0.Final.jar:8.1.0.Final]
            [Host Controller]       at org.jboss.as.host.controller.parsing.DomainXml.readDomainElement2_0(DomainXml.java:516) [wildfly-host-controller-8.1.0.Final.jar:8.1.0.Final]

            The great Google does not pull anything on this. I am using WildFly 8.1.0.

             

             

            Thanks for the help.

            • 3. Re: Encrypting HornetQ pooled-connection credentials
              jbertram

              I can't speak to that error as I don't work on Wildfly.

              • 4. Re: Encrypting HornetQ pooled-connection credentials
                ctomc

                You broke standalone.xml somehow. The error is around line 34, as the exception tells you.

                • 5. Re: Encrypting HornetQ pooled-connection credentials
                  jbosspadawa

                  Yes, it breaks when I add the <vault></vault> between the <extensions/> and <management/> tags. Do I have to add another extension to get the Vault to work? Also, this is set up in domain mode.
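
A way to audit a configuration file for the two problems this thread runs into, plaintext credentials and a `<vault>` element placed directly under the domain root (the placement the parser error above rejects), as an added example that is not from any poster or from the WildFly project. The `audit` helper, the trimmed `SAMPLE` document and the vault block and attribute names in it are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# A value of the form ${VAULT::block::attribute::shared_key} is a vault reference.
VAULT_REF = re.compile(r"^\$\{VAULT::[^:}]+::[^:}]+::[^}]+\}$")
SECRET_NAMES = {"password", "cluster-password"}

# Constructed, heavily trimmed sample (real profiles nest these in subsystems).
SAMPLE = """<domain xmlns="urn:jboss:domain:2.1">
  <vault/>
  <profile>
    <hornetq-server>
      <cluster-password>${VAULT::hq::cluster::1}</cluster-password>
      <pooled-connection-factory name="hornetq-ra">
        <user>superuser</user>
        <password>overlycomplicatedpassword</password>
      </pooled-connection-factory>
    </hornetq-server>
  </profile>
</domain>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on names."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return sorted (kind, location, detail) findings for one config file."""
    root = ET.fromstring(xml_text)
    findings = []
    # The boot log in the thread shows the domain parser rejecting this child.
    if local(root.tag) == "domain":
        for child in root:
            if local(child.tag) == "vault":
                findings.append(("misplaced-vault", "domain/vault", child.tag))
    def walk(elem, path):
        here = path + "/" + local(elem.tag)
        if elem.get("name"):
            here += "[" + elem.get("name") + "]"
        text = (elem.text or "").strip()
        # Anything that is not a vault reference is reported, defaults included.
        if local(elem.tag) in SECRET_NAMES and text and not VAULT_REF.match(text):
            findings.append(("plaintext", here, "element text"))
        for attr, value in elem.attrib.items():
            if local(attr) in SECRET_NAMES and value and not VAULT_REF.match(value):
                findings.append(("plaintext", here + "/@" + local(attr), "attribute"))
        for child in elem:
            walk(child, here)
    walk(root, "")
    return sorted(findings)
```

Running `audit(SAMPLE)` reports the `<vault/>` child of `<domain>` and the plaintext `<password>` of `hornetq-ra`, while the vault-referenced `<cluster-password>` passes.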