Encrypt password using Vault

Encrypt Password in JBOSS 
------------------------------------
1. Copy the JKS keystore to /home/jboss on both Master and Slave.
Bring down all controllers.
2. 06-Oct-14@14:05:29-jboss@hostname1a:/rh/jboss/app1a/bin>./vault.sh
=====================================================================
 
  JBoss Vault
 
  JBOSS_HOME: /rh/jboss/app1a
 
  JAVA: /usr/IBM/WebSphere/AppServer/java/bin/java
 
=====================================================================
 
**********************************
****  JBoss Vault  ***************
**********************************
Please enter a Digit::   0: Start Interactive Session  1: Remove Interactive Session  2: Exit
1
 
1
Removing the current interactive session
Please enter a Digit::   0: Start Interactive Session  1: Remove Interactive Session  2: Exit
Removing the current interactive session
Please enter a Digit::   0: Start Interactive Session  1: Remove Interactive Session  2: Exit
0
Starting an interactive session
Enter directory to store encrypted files:/home/jboss
Enter Keystore URL:/home/jboss/hostname1a.jks
Enter Keystore password: 
Enter Keystore password again: 
Values match
Enter 8 character salt:12345678
Enter iteration count as a number (Eg: 44):44
Enter Keystore Alias:hostname1a
Initializing Vault
Oct 6, 2014 2:06:33 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX000361: Default Security Vault Implementation Initialized and Ready
Vault Configuration in AS7 config file:
********************************************
...
</extensions>
<vault>
  <vault-option name="KEYSTORE_URL" value="/home/jboss/hostname1a.jks"/>
  <vault-option name="KEYSTORE_PASSWORD" value="MASK-2exADfZEVkq4nkGflMRrtM"/>
  <vault-option name="KEYSTORE_ALIAS" value="hostname1a"/>
  <vault-option name="SALT" value="12345678"/>
  <vault-option name="ITERATION_COUNT" value="44"/>
  <vault-option name="ENC_FILE_DIR" value="/home/jboss/"/>
</vault><management> ...
********************************************
Vault is initialized and ready for use
Handshake with Vault complete
Please enter a Digit::   0: Store a secured attribute  1: Check whether a secured attribute exists  2: Exit
 
0
Task: Store a secured attribute
Please enter secured attribute value (such as password): 
Please enter secured attribute value (such as password) again: 
Values match
Enter Vault Block:db2ds
Enter Attribute Name:db2ds
Secured attribute value has been stored in vault. 
Please make note of the following:
********************************************
Vault Block:db2ds
Attribute Name:db2ds
Configuration should be done as follows:
VAULT::db2ds::db2ds::1
********************************************
Please enter a Digit::   0: Store a secured attribute  1: Check whether a secured attribute exists  2: Exit
1
Task: Verify whether a secured attribute exists
Enter Vault Block:db2ds
Enter Attribute Name:db2ds
A value exists for (db2ds, db2ds)
Please enter a Digit::   0: Store a secured attribute  1: Check whether a secured attribute exists  2: Exit
[2] + Stopped (SIGTSTP)        ./vault.sh
You have mail in /usr/spool/mail/jboss
06-Oct-14@14:14:46-jboss@hostname1a:/rh/jboss/app1a/bin> 


3. Add the vault definition below to both the Domain and Host controllers
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
FROM CLI 

[domain@localhost:39999 /] /host=master/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/home/jboss/a01sribapp3a.jks"),("KEYSTORE_PASSWORD" => "MASK-2exADfZEVkq4nkGflMRrtM"), ("KEYSTORE_ALIAS" => "a01sribapp3a"), ("SALT" => "12345678"), ("ITERATION_COUNT" => "44"), ("ENC_FILE_DIR" => "/home/jboss/")])

Manually 

<vault>
  <vault-option name="KEYSTORE_URL" value="/home/jboss/vaultks.jks"/>
  <vault-option name="KEYSTORE_PASSWORD" value="MASK-2exADfZEVkq4nkGflMRrtM"/>
  <vault-option name="KEYSTORE_ALIAS" value="vaultks"/>
  <vault-option name="SALT" value="12345678"/>
  <vault-option name="ITERATION_COUNT" value="44"/>
  <vault-option name="ENC_FILE_DIR" value="/home/jboss/"/>
</vault><management> ...

4. Edit domain.xml and, in place of the password, give ${VAULT::db2ds::db2ds::1}

5. Start the Domain and Host controllers and the servers, then test the connectivity.
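
A check to run after steps 3 and 4, before restarting: it confirms the vault block carries all six options and that every datasource password is a ${VAULT::...} reference rather than cleartext. This is an added example, not part of the original post; the sample XML is constructed, and the "legacy" datasource and the function names are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

REQUIRED = {"KEYSTORE_URL", "KEYSTORE_PASSWORD", "KEYSTORE_ALIAS",
            "SALT", "ITERATION_COUNT", "ENC_FILE_DIR"}
# Shape of the reference vault.sh prints, e.g. ${VAULT::db2ds::db2ds::1}
VAULT_REF = re.compile(r"^\$\{VAULT::[^:}]+::[^:}]+::[^:}]+\}$")

# Constructed sample: db2ds uses the vault, "legacy" still holds a cleartext password.
SAMPLE = """<domain>
  <vault>
    <vault-option name="KEYSTORE_URL" value="/home/jboss/vaultks.jks"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-2exADfZEVkq4nkGflMRrtM"/>
    <vault-option name="KEYSTORE_ALIAS" value="vaultks"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="44"/>
    <vault-option name="ENC_FILE_DIR" value="/home/jboss/"/>
  </vault>
  <datasource pool-name="db2ds"><security>
    <password>${VAULT::db2ds::db2ds::1}</password></security></datasource>
  <datasource pool-name="legacy"><security>
    <password>constructed-cleartext</password></security></datasource>
</domain>"""

def local(tag):
    """Strip an XML namespace so real urn:jboss:domain:* files also match."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return a list of findings; password values are never echoed."""
    findings, root = [], ET.fromstring(xml_text)
    vaults = [e for e in root.iter() if local(e.tag) == "vault"]
    if not vaults:
        findings.append("no <vault> block configured")
    for vault in vaults:
        opts = {o.get("name"): o.get("value", "") for o in vault}
        findings += [f"vault-option {n} missing" for n in sorted(REQUIRED - opts.keys())]
        if not opts.get("KEYSTORE_PASSWORD", "MASK-").startswith("MASK-"):
            findings.append("KEYSTORE_PASSWORD is not in MASK- form")
        if len(opts.get("SALT", "x" * 8)) != 8:
            findings.append("SALT is not 8 characters")
    for ds in (e for e in root.iter() if local(e.tag) in ("datasource", "xa-datasource")):
        for pw in ds.iter():
            if local(pw.tag) == "password" and not VAULT_REF.match((pw.text or "").strip()):
                findings.append(f"datasource {ds.get('pool-name')}: password is not a VAULT reference")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

To audit a real file, pass its contents to `audit()`, for example `audit(open("domain.xml").read())`.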
