Encrypt Password in JBOSS
------------------------------------
1. Copy the JKS keystore to /home/jboss on both Master and Slave
Bring down all controllers
2. Run vault.sh
06-Oct-14@14:05:29-jboss@hostname1a:/rh/jboss/app1a/bin>./vault.sh
=====================================================================
JBoss Vault
JBOSS_HOME: /rh/jboss/app1a
JAVA: /usr/IBM/WebSphere/AppServer/java/bin/java
=====================================================================
**********************************
**** JBoss Vault ***************
**********************************
Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
1
1
Removing the current interactive session
Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
Removing the current interactive session
Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
0
Starting an interactive session
Enter directory to store encrypted files:/home/jboss
Enter Keystore URL:/home/jboss/hostname1a.jks
Enter Keystore password:
Enter Keystore password again:
Values match
Enter 8 character salt:12345678
Enter iteration count as a number (Eg: 44):44
Enter Keystore Alias:hostname1a
Initializing Vault
Oct 6, 2014 2:06:33 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX000361: Default Security Vault Implementation Initialized and Ready
Vault Configuration in AS7 config file:
********************************************
...
</extensions>
<vault>
<vault-option name="KEYSTORE_URL" value="/home/jboss/hostname1a.jks"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-2exADfZEVkq4nkGflMRrtM"/>
<vault-option name="KEYSTORE_ALIAS" value="hostname1a"/>
<vault-option name="SALT" value="12345678"/>
<vault-option name="ITERATION_COUNT" value="44"/>
<vault-option name="ENC_FILE_DIR" value="/home/jboss/"/>
</vault><management> ...
********************************************
Vault is initialized and ready for use
Handshake with Vault complete
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Exit
0
Task: Store a secured attribute
Please enter secured attribute value (such as password):
Please enter secured attribute value (such as password) again:
Values match
Enter Vault Block:db2ds
Enter Attribute Name:db2ds
Secured attribute value has been stored in vault.
Please make note of the following:
********************************************
Vault Block:db2ds
Attribute Name:db2ds
Configuration should be done as follows:
VAULT::db2ds::db2ds::1
********************************************
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Exit
1
Task: Verify whether a secured attribute exists
Enter Vault Block:db2ds
Enter Attribute Name:db2ds
A value exists for (db2ds, db2ds)
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute exists 2: Exit
[2] + Stopped (SIGTSTP) ./vault.sh
You have mail in /usr/spool/mail/jboss
06-Oct-14@14:14:46-jboss@hostname1a:/rh/jboss/app1a/bin>
3. Add the Vault configuration below to both the Domain and Host controllers
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
FROM CLI
[domain@localhost:39999 /] /host=master/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/home/jboss/a01sribapp3a.jks"), ("KEYSTORE_PASSWORD" => "MASK-2exADfZEVkq4nkGflMRrtM"), ("KEYSTORE_ALIAS" => "a01sribapp3a"), ("SALT" => "12345678"), ("ITERATION_COUNT" => "44"), ("ENC_FILE_DIR" => "/home/jboss/")])
Manually
<vault>
<vault-option name="KEYSTORE_URL" value="/home/jboss/vaultks.jks"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-2exADfZEVkq4nkGflMRrtM"/>
<vault-option name="KEYSTORE_ALIAS" value="vaultks"/>
<vault-option name="SALT" value="12345678"/>
<vault-option name="ITERATION_COUNT" value="44"/>
<vault-option name="ENC_FILE_DIR" value="/home/jboss/"/>
</vault><management> ...
4. Edit domain.xml and, in place of the password, give ${VAULT::db2ds::db2ds::1}
5. Start the Domain controller, host controllers and servers, then test the connectivity
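
A check for step 4, added here as an example and not part of the original notes: it scans a domain.xml-style fragment for <password> elements that are still plaintext or that reference a vault block/attribute that was never stored with vault.sh. The sample XML, the function name audit_passwords and every datasource other than db2ds are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Reference form printed by vault.sh: VAULT::<block>::<attribute>::<last field>
VAULT_REF = re.compile(r"^\$\{VAULT::([^:{}]+)::([^:{}]+)::([^:{}]+)\}$")

# Constructed sample fragment in the style of domain.xml (not from a real server).
SAMPLE = """<profile>
  <datasource jndi-name="java:/db2ds">
    <security>
      <user-name>appuser</user-name>
      <password>${VAULT::db2ds::db2ds::1}</password>
    </security>
  </datasource>
  <datasource jndi-name="java:/legacyds">
    <security>
      <user-name>appuser</user-name>
      <password>constructed-plaintext</password>
    </security>
  </datasource>
  <datasource jndi-name="java:/typods">
    <security>
      <password>${VAULT::db2d::db2ds::1}</password>
    </security>
  </datasource>
</profile>"""


def audit_passwords(xml_text, stored):
    """Return (kind, value) findings for every <password> element.

    stored: set of (vault block, attribute name) pairs created with vault.sh.
    """
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # rsplit drops an XML namespace prefix such as {urn:jboss:domain:...}
        if el.tag.rsplit("}", 1)[-1] != "password":
            continue
        value = (el.text or "").strip()
        match = VAULT_REF.match(value)
        if match is None:
            findings.append(("PLAINTEXT", value))
        elif (match.group(1), match.group(2)) not in stored:
            findings.append(("UNKNOWN_VAULT_ENTRY", value))
    return findings


if __name__ == "__main__":
    for kind, value in audit_passwords(SAMPLE, {("db2ds", "db2ds")}):
        # Report the kind only for plaintext hits so passwords stay out of logs.
        print(kind, value if kind != "PLAINTEXT" else "<redacted>")
```

Pass the block/attribute pairs confirmed with option 1 of vault.sh ("Check whether a secured attribute exists") as the stored set.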