3 Replies Latest reply on Jul 2, 2019 1:46 PM by Darran Lofthouse

    How to encrypt passwords in wildfly-config.xml

    valsaraj viswanathan Master

      <configuration>

        <authentication-client xmlns="urn:elytron:1.2">

         <authentication-rules>

         <rule use-configuration="namingConfig">

         <match-host name="127.0.0.1"/>

         </rule>

         </authentication-rules>

         <authentication-configurations>

         <configuration name="namingConfig">

         <set-user-name name="bob"/>

         <credentials>

         <clear-password password="secret"/>

         </credentials>

         </configuration>

         </authentication-configurations>

        </authentication-client>

      </configuration>

      Is there any option to avoid plan test password here?

        • 1. Re: How to encrypt passwords in wildfly-config.xml
          Darran Lofthouse Master

          Yes there is, we have recently identified that we are missing credential store documentation so I am actually in the process of writing that today, once section is going to be on how to use the credential store within the wildfly-config.xml so I will let you know here once my pull request is ready.

          1 of 1 people found this helpful
          • 3. Re: How to encrypt passwords in wildfly-config.xml
            Darran Lofthouse Master

            The following pull request contains more comprehensive documentation for the credential store - [WFLY-11101] Add documentation covering the use of the credential store. by darranl · Pull Request #12414 · wildfly/wild…

             

            For the specific question of how to use the credential store within the wildfly-config.xml the following is a configuration example: -

             

            <?xml version="1.0" encoding="UTF-8"?>

             

             

            <configuration>

                <authentication-client xmlns="urn:elytron:1.0">

                    <credential-stores>

                        <credential-store name="mycredstore">

                            <attributes>

                                <attribute name="keyStoreType" value="JCEKS" />

                                <attribute name="location" value="standalone/configuration/mycredstore.cs" />

                            </attributes>

                            <protection-parameter-credentials>

                                <clear-password password="StorePassword" />

                            </protection-parameter-credentials>

                        </credential-store>

                    </credential-stores>

             

             

                    <authentication-rules>

                                <rule use-configuration="default" />

                    </authentication-rules>

                    <authentication-configurations>

                        <configuration name="default">

                            <sasl-mechanism-selector selector="DIGEST-MD5" />

                            <providers>

                                <use-service-loader/>

                            </providers>

                            <set-user-name name="User" />

                            <credentials>

                                <credential-store-reference store="mycredstore" alias="User" />

                            </credentials>

                        </configuration>

                    </authentication-configurations>

                </authentication-client>

            </configuration>