AS7 Password Vault on Windows

Version 3

    Reference: https://community.jboss.org/wiki/JBossAS7SecuringPasswords

     

     

    What do we need?

    1. JDK installation
    2. Setting of the JAVA_HOME Environment Variable
    3. Creation of a KeyStore
    4. JBoss AS 7.1.x installation

     

    Step 1: JDK Installation

    Please go to http://java.com and download the JDK installer for Windows. (Remember that you need the JDK, not the JRE.)

    I tested this on Windows 7. I downloaded and installed JDK 1.6.0_31 from http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u31-download-1501634.html

    I installed JDK 6 in the c:\Java directory.

     

    Step 2: Setting the JAVA_HOME Environment Variable

    I tested this on Windows 7, so your mileage may vary depending on whether you are on XP, Vista, Win7 etc. Please google and you will find instructions for your version of Windows. They are pretty close.

     

    • I went to Control Panel.
    • Searched for "Environment".
    • Chose "Edit the system environment variables".
    • I went into Advanced -> Environment Variables.
    • I created a new environment variable called JAVA_HOME and set the value to c:\Java\jdk1.6.0_31
    • In the PATH environment variable, I appended %JAVA_HOME%\bin; (remember to add ; at the end)
    • Run -> cmd
    • Type java and you should see a bunch of options rather than "Java is not recognized".

     

     

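    Step 3: Create a Keystore

     

    I created a directory called keystores in c:\ and generated the keystore there. Note that the first keytool command in the session below omits -genkey and fails with a usage error; the second one is the working command.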

     

     

    C:\>md keystores
    
    
    C:\>cd keystores
    
    C:\keystores>keytool -alias vault -keyalg RSA -keysize 1024 -keystore vault.keys
    tore
    Usage error: no command provided
    Try keytool -help
    
    
    C:\keystores>keytool -genkey -alias vault -keyalg RSA -keysize 1024 -keystore va
    ult.keystore
    Enter keystore password:
    Re-enter new password:
    What is your first and last name?
      [Unknown]:  PicketBox Vault
    What is the name of your organizational unit?
      [Unknown]:  PicketBox
    What is the name of your organization?
      [Unknown]:  JBoss
    What is the name of your City or Locality?
      [Unknown]:  Chicago
    What is the name of your State or Province?
      [Unknown]:  IL
    What is the two-letter country code for this unit?
      [Unknown]:  US
    Is CN=PicketBox Vault, OU=PicketBox, O=JBoss, L=Chicago, ST=IL, C=US correct?
      [no]:  yes
    
    
    Enter key password for <vault>
            (RETURN if same as keystore password):
    
    
    C:\keystores>
    C:\keystores>dir
     Volume in drive C is  
    
     Directory of C:\keystores 
    
    03/26/2012  11:58 AM    <DIR>          .
    03/26/2012  11:58 AM    <DIR>          ..
    03/26/2012  11:58 AM             1,359 vault.keystore
    

     

     

    That is it.

     

    Step 4: JBoss AS 7.1.x Installation and Vault Interaction

     

    I downloaded JBoss AS 7.1.1.Final.zip and extracted it into c:\jboss-as-7.1.1.Final.

     

    We will use the vault.bat script in the bin directory of JBoss AS.

     

     

    c:\jboss-as-7.1.1.Final\bin>vault.bat
    not defined java
    =========================================================================
    
    
      JBoss Vault
    
    
      JBOSS_HOME: c:\jboss-as-7.1.1.Final\bin\\..
    
    
      JAVA: C:\Java\jdk1.6.0_31\bin\java
    
    
      VAULT Classpath: c:\jboss-as-7.1.1.Final\bin\\..\modules\org\picketbox\main\*;
    c:\jboss-as-7.1.1.Final\bin\\..\modules\org\jboss\logging\main\*;c:\jboss-as-7.1
    .1.Final\bin\\..\modules\org\jboss\common-core\main\*;c:\jboss-as-7.1.1.Final\bi
    n\\..\modules\org\jboss\as\security\main\*
    =========================================================================
    
    
    **********************************
    ****  JBoss Vault ********
    **********************************
    Please enter a Digit::   0: Start Interactive Session  1: Remove Interactive Ses
    sion  2: Exit
    0
    Starting an interactive session
    Enter directory to store encrypted files (end with either / or \ based on Unix o
    r Windows:c:\vault\
    Enter Keystore URL:c:\keystores\vault.keystore
    Enter Keystore password:
    Enter Keystore password again:
    Values match
    Enter 8 character salt:12345678
    Enter iteration count as a number (Eg: 44):50
    
    
    Please make note of the following:
    ********************************************
    Masked Password:MASK-5WNXs8oEbrs
    salt:12345678
    Iteration Count:50
    ********************************************
    
    
    Enter Keystore Alias:vault
    Mar 26, 2012 12:59:55 PM org.jboss.security.vault.SecurityVaultFactory get
    INFO: Getting Security Vault with implementation of org.picketbox.plugins.vault.
    PicketBoxSecurityVault
    Obtained Vault
    Initializing Vault
    Mar 26, 2012 12:59:56 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
    
    
    INFO: Default Security Vault Implementation Initialized and Ready
    Vault is initialized and ready for use
    Handshake with Vault complete
    Please enter a Digit::   0: Store a password  1: Check whether password exists
    2: Exit
    0
    Task:  Store a password
    Please enter attribute value:
    Please enter attribute value again:
    Values match
    Enter Vault Block:ds_ExampleDS
    Enter Attribute Name:password
    Attribute Value for (ds_ExampleDS, password) saved
    
    
    Please make note of the following:
    ********************************************
    Vault Block:ds_ExampleDS
    Attribute Name:password
    Shared Key:YzU5MDJiMjUtNjJiMy00NTBlLThkYTgtNTUxZDA0ZmI2M2IzTElORV9CUkVBS3ZhdWx0
    Configuration should be done as follows:
    VAULT::ds_ExampleDS::password::YzU5MDJiMjUtNjJiMy00NTBlLThkYTgtNTUxZDA0ZmI2M2IzT
    ElORV9CUkVBS3ZhdWx0
    ********************************************
    
    
    Please enter a Digit::   0: Store a password  1: Check whether password exists
    2: Exit
    1
    Task: Verify whether a password exists
    Enter Vault Block:ds_ExampleDS
    Enter Attribute Name:password
    A value exists for (ds_ExampleDS, password)
    Please enter a Digit::   0: Store a password  1: Check whether password exists
    2: Exit
    2
    c:\jboss-as-7.1.1.Final\bin> 
    

     

     

    As you can see, we have used the vault.bat script successfully to interact with the vault.

     

    Please refer to https://community.jboss.org/wiki/JBossAS7SecuringPasswords to configure the domain model (standalone.xml or domain.xml) for the attributes that are masked.
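
    The following Python check is an added example, not part of the original wiki page or of JBoss AS. It parses the VAULT:: string printed by vault.bat above, decodes its Shared Key (which turns out to be an identifier string, not the stored value), and flags password elements in a configuration fragment that are still in clear text. The ${VAULT::...} wrapper and the constructed XML sample are assumptions based on the referenced SecuringPasswords page; the function names are hypothetical.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Reference string exactly as vault.bat printed it in the session above.
VAULT_REF = ("VAULT::ds_ExampleDS::password::"
             "YzU5MDJiMjUtNjJiMy00NTBlLThkYTgtNTUxZDA0ZmI2M2IzTElORV9CUkVBS3ZhdWx0")

# Accepts the bare string or the ${...} form assumed for standalone.xml.
VAULT_RE = re.compile(r"^(?:\$\{)?VAULT::([^:}]+)::([^:}]+)::([A-Za-z0-9+/=]+)\}?$")

def parse_vault_ref(text):
    """Split a VAULT reference into block, attribute and decoded shared key."""
    m = VAULT_RE.match(text.strip())
    if not m:
        return None
    block, attribute, shared = m.groups()
    try:
        decoded = base64.b64decode(shared, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None  # malformed Base64: treat as not a vault reference
    return {"block": block, "attribute": attribute, "shared_key": decoded}

# Constructed sample (not from the page): LegacyDS still has a clear-text
# password. Real standalone.xml elements are namespace-qualified, so the tag
# names below would need the subsystem namespace prefix.
SAMPLE_XML = """<datasources>
  <datasource pool-name="ExampleDS">
    <security><user-name>sa</user-name>
      <password>${%s}</password></security>
  </datasource>
  <datasource pool-name="LegacyDS">
    <security><user-name>app</user-name>
      <password>changeme</password></security>
  </datasource>
</datasources>""" % VAULT_REF

def audit_passwords(xml_text):
    """Return (pool-name, status) for every datasource <password> element."""
    findings = []
    for ds in ET.fromstring(xml_text).iter("datasource"):
        for pw in ds.iter("password"):
            ref = parse_vault_ref(pw.text or "")
            status = "vault:%s" % ref["block"] if ref else "CLEAR-TEXT"
            findings.append((ds.get("pool-name"), status))
    return findings

if __name__ == "__main__":
    print(parse_vault_ref(VAULT_REF))
    for pool, status in audit_passwords(SAMPLE_XML):
        print(pool, status)
```

    Decoding the Shared Key from this session yields a UUID, the literal text LINE_BREAK and the keystore alias vault, so the reference string itself does not carry the stored attribute value.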