Thanks for response. I knew we could use VAULT to secure the ssl keysore password. But my question was besides VAULT, does Jboss provide other way such as using JAAS custom login module as a security domain to encrypt the keystore password? In this way, I could encrypt the keystore passwork by using my own cryto library.
You can write custom login module
read more about that:
Yes, we could write our own JAAS login module like the links described. But how could we use this login module to secure the ssl keystore password defined at ssl section?
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true"> <ssl name="dvs-ssl" key-alias="test" password="secret" certificate-key-file="C:\\test.keystore" protocol="TLSv1" verify-client="false"/> </connector>
We do not want to use VAULT. We like to use our own crypto libratry to do the decryption in the JAAS login module.