automate vault creation


How to automate the creation of a password vault on JBoss EAP 6.4.14?

The idea is to create a script that defines a standalone JBoss instance. Multiple standalone instances will be supported, sharing a common JBoss EAP installation. The script will define a ready-to-use instance, so with a:

LDAP connection (using SSL/TLS) for admin users

With EAP 6.4.14 I noticed that a vault will only be created by setting an attribute/sec_attribute pair. The output is an XML string. It will be much more convenient to have the output as a CLI command. Does anyone already have some scripts for this and is willing to share them?


Hi Paul,

Changing the output to a CLI command is on the radar for the JBoss EAP 7.x stream:

You could use a script to programmatically convert the XML to a CLI command. The CLI command you would want is:

/core-service=vault:add( \
vault-options=[ \
("SALT" => "SALT"), \

See the JBoss EAP 'How To Configure Server Security' guide for more info on the CLI command to configure JBoss EAP to use the vault:

I did spend some time on this and wrote a small ugly script that does it. For the people interested:

salt=$(date +%d%H%M%S)
$JBOSS_HOME/bin/ -e $vaultdir/ -k $vaultdir/vault.keystore -p $keypass -v vault -s $salt -i 19 -b jks -a identity -x $idpasswd >/dev/null
$JBOSS_HOME/bin/ -e $vaultdir/ -k $vaultdir/vault.keystore -p $keypass -v vault -s $salt -i 19 -b jks -a truststore -x $trustpasswd | awk -F\" '/vault-option name=/ {print $2 "=" $4}' > $vaultxml

.  $vaultxml
echo -e "if (outcome == success) of  /core-service=vault:read-resource\n \
/core-service=vault:remove\n \
end-if" > $vaultcli

echo /core-service=vault:add\(vault-options=\[ \
\(\"KEYSTORE_URL\" =\> \"$KEYSTORE_URL\"\), \
\(\"SALT\" =\> \"$SALT\"\), \
\(\"ENC_FILE_DIR\" =\> \"$ENC_FILE_DIR\"\)\]\) >> $vaultcli
echo reload >> $vaultcli

$SCRIPTDIR/cli-$ $vaultcli
rm -f  $vaultxml  $vaultcli
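
The XML-to-CLI conversion discussed in this thread, as an added example that is not part of any post above and is not Red Hat's code: it parses the `vault-option` lines as text rather than sourcing them into the shell, and emits every option the tool printed. The function names and all sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): turn the vault tool's XML snippet
# into one /core-service=vault:add(...) CLI operation.

# Reads the tool output on stdin, prints the CLI operation on stdout.
# Values are only parsed as text, never sourced or evaluated by the shell.
vault_xml_to_cli() {
    awk -F'"' '
        # Option lines look like: <vault-option name="X" value="Y"/>
        /<vault-option[ \t]+name=/ {
            name = $2; value = $4
            # Fail closed on anything that would need escaping or decoding.
            if (name !~ /^[A-Z_]+$/ || index(value, "\\") || index(value, "&")) {
                print "refusing vault option: " name > "/dev/stderr"
                bad = 1
                exit 1
            }
            opts = opts sep "(\"" name "\" => \"" value "\")"
            sep = ","
            n++
        }
        END {
            # No options found, or one was rejected: emit nothing.
            if (bad || n == 0) exit 1
            print "/core-service=vault:add(vault-options=[" opts "])"
        }
    '
}

# Constructed sample of the tool output; every value here is made up.
sample_vault_xml() {
    cat <<'EOF'
<vault>
  <vault-option name="KEYSTORE_URL" value="/opt/jboss/vault/vault.keystore"/>
  <vault-option name="KEYSTORE_PASSWORD" value="MASK-CONSTRUCTED"/>
  <vault-option name="KEYSTORE_ALIAS" value="vault"/>
  <vault-option name="SALT" value="12345678"/>
  <vault-option name="ITERATION_COUNT" value="19"/>
  <vault-option name="ENC_FILE_DIR" value="/opt/jboss/vault/"/>
</vault>
EOF
}

# Print the operation for the sample when the file is run directly.
sample_vault_xml | vault_xml_to_cli
```

In a real run, pipe the vault tool's output into `vault_xml_to_cli` and write the result to a file created under `umask 077`, since it carries the masked keystore password.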