How to encrypt database passwords in JBoss EAP 7

How to encrypt database passwords in JBoss EAP 7?

Responses

Hi Anil,

The best way of securing sensitive strings, including database passwords, is to use a password vault.

You can find details on using a password vault in the Server Security Guide:

https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/how-to-configure-server-security/#secure_passwords

Lucas,

I configured the Vault.

  1. Generated keystore for vault
  2. Set up vault to store encrypted passwords (using RSA key above).
  3. Added Database password to the vault.
  4. Configured instance (Domain and Host) to use the vault by adding the vault configuration to the JBoss configuration file

    The command below updated host-master.xml:

    [domain@192.168.211.147:9999 /] /host=DC-XXX1/core-service=vault:add(vault-options={"KEYSTORE_URL" => "/app/jboss/current/vault/vault.keystore","KEYSTORE_PASSWORD" => "MASK-33yMmC0iRUQ9Sb26wAv8Ne","KEYSTORE_ALIAS" => "vault","SALT" => "12345678","ITERATION_COUNT" => "50","ENC_FILE_DIR" => "/app/jboss/current/vault"})

    The command below updated host-slave.xml:

    [domain@192.168.211.147:9999 /] /host=HOS-XXX2/core-service=vault:add(vault-options={"KEYSTORE_URL" => "/app/jboss/current/vault/vault.keystore","KEYSTORE_PASSWORD" => "MASK-33yMmC0iRUQ9Sb26wAv8Ne","KEYSTORE_ALIAS" => "vault","SALT" => "12345678","ITERATION_COUNT" => "50","ENC_FILE_DIR" => "/app/jboss/current/vault"})

I configured the data source from the console. [In the password value I give "${VAULT::DS::password_name::1}", which was generated when I encrypted the database password.]

Datasource configuration fails with the following exception:

    "failure-description" => {"WFLYDC0074: Operation failed or was rolled back on all servers. Server failures:" => {"server-group" => {"servergroup-xxx" => {"host" => { "Domain" => {"serverxxxx1" => {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-1" => "WFLYCTL0158: Operation handler failed: java.lang.SecurityException: WFLYSRV0230: Vault is not initialized"}}}, "host" => {"serverxxxx2" => {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-1" => "WFLYCTL0158: Operation handler failed: java.lang.SecurityException: WFLYSRV0230: Vault is not initialized"}}}

    "failure-description" => {"WFLYCTL0062: Composite operation failed and was rolled back. Steps that failed:" => {"Operation step-1" => "WFLYCTL0158: Operation handler failed: java.lang.SecurityException: WFLYSRV0230: Vault is not initialized"}},

Hi Anil,

As long as you configured the vault on both your domain controller (master) and the domain hosts (slaves), I'm not sure why you are getting that error. I would suggest that you open a support case so one of our support engineers can have a look.
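
A per-host pre-flight check for the condition named in the reply above (vault configured on the master and on every slave host), added here as an example; it is not code from this thread or from Red Hat. It assumes the host file stores the vault as `vault-option` elements with `name` and `value` attributes; the function names, the `fs_root` parameter and the sample XML (including the namespace and the `MASK-EXAMPLE` value) are constructed for illustration.

```python
import os
import stat
import xml.etree.ElementTree as ET

REQUIRED = ("KEYSTORE_URL", "KEYSTORE_PASSWORD", "KEYSTORE_ALIAS",
            "SALT", "ITERATION_COUNT", "ENC_FILE_DIR")

# Constructed sample of a host file's vault section; paths mirror the thread.
SAMPLE_HOST_XML = """<host name="DC-XXX1" xmlns="urn:jboss:domain:X.Y">
  <vault>
    <vault-option name="KEYSTORE_URL" value="/app/jboss/current/vault/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-EXAMPLE"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="50"/>
    <vault-option name="ENC_FILE_DIR" value="/app/jboss/current/vault"/>
  </vault>
</host>"""

def vault_options(host_xml):
    """Return {name: value} for every vault-option, ignoring the XML namespace."""
    return {el.get("name"): el.get("value")
            for el in ET.fromstring(host_xml).iter()
            if el.tag.rsplit("}", 1)[-1] == "vault-option"}

def check_vault(host_xml, fs_root="/"):
    """Return findings for one host; fs_root (hypothetical) re-roots paths for testing."""
    opts = vault_options(host_xml)
    if not opts:
        return ["no vault-option elements: vault is not configured in this host file"]
    findings = ["missing option " + k for k in REQUIRED if k not in opts]
    if len(opts.get("SALT", "")) != 8:
        findings.append("SALT is not exactly 8 characters")
    if not opts.get("KEYSTORE_PASSWORD", "").startswith("MASK-"):
        findings.append("KEYSTORE_PASSWORD is not masked")
    # The keystore and ENC_FILE_DIR must exist locally on every host that uses the vault.
    keystore = os.path.join(fs_root, opts.get("KEYSTORE_URL", "").lstrip("/"))
    if not os.path.isfile(keystore):
        findings.append("keystore file not found on this host")
    elif os.stat(keystore).st_mode & stat.S_IROTH:
        findings.append("keystore is world-readable")
    enc_dir = os.path.join(fs_root, opts.get("ENC_FILE_DIR", "").lstrip("/"))
    if not os.path.isdir(enc_dir):
        findings.append("ENC_FILE_DIR not found on this host")
    return findings

if __name__ == "__main__":
    for finding in check_vault(SAMPLE_HOST_XML) or ["vault configuration checks passed"]:
        print(finding)
```

Run it on each machine against that machine's own host file, as the user that starts JBoss, so the existence checks reflect what the server process can see.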