How to configure custom subsystems to access the vault encrypted string to web application [JBoss EAP 6.4.0]
I am trying to configure the vault-encrypted strings (usernames/passwords) [{VAULT::ds_Example1::password::1]; these strings should be accessible by the application at runtime.
Is it possible to configure this through a custom subsystem in JBoss?
Responses
I have been trying to get this to work following the documentation and workarounds in threads I've come across. It would be nice for a technical expert to formally give an explanation. Here are my steps:
4.2.1.1. Set Up a Password Vault
keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -storepass vault22 -keypass vault22 -validity 730 -keystore /opt/jboss/jboss-eap-7.0/vault/vault.keystore
4.2.1.2. Initialize the password vault.
JAVA_OPTS="$JAVA_OPTS -Djboss.modules.system.pkgs=com.sun.crypto.provider"
vault.sh --keystore /opt/jboss/jboss-eap-7.0/vault/vault.keystore --keystore-password vault22 --alias vault --vault-block webmapDS --attribute password --sec-attr Vinson00 --enc-dir /opt/jboss/jboss-eap-7.0/vault/ --iteration 120 --salt 1234abcd
OUTPUT:
Vault Block:webmapDS
Attribute Name:password
Configuration should be done as follows:
VAULT::webmapDS::password::1
WFLYSEC0048: Vault Configuration in WildFly configuration file:
... ...
4.2.1.3. Configure JBoss EAP to use the password vault.
jboss-cli.sh
/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/opt/jboss/jboss-eap-7.0/vault/vault.keystore"),("KEYSTORE_PASSWORD" => "MASK-5dOaAVafCSd"), ("KEYSTORE_ALIAS" => "vault"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "120"),("ENC_FILE_DIR" => "/opt/jboss/jboss-eap-7.0/vault/")])
{ "outcome" => "failed", "failure-description" => "WFLYCTL0158: Operation handler failed: java.lang.RuntimeException: WFLYSRV0076: Error initializing vault -- org.jboss.as.server.services.security.VaultReaderException: WFLYSRV0227: Vault Reader Exception:", "rolled-back" => true }
https://access.redhat.com/solutions/1284393
/host=master/core-service=vault:add(vault-options={KEYSTORE_URL="/opt/jboss/jboss-eap-7.0/vault.keystore",KEYSTORE_PASSWORD="MASK-5dOaAVafCSd",KEYSTORE_ALIAS="vault",SALT="1234abcd",ITERATION_COUNT="120"}
[standalone@localhost:9993 /] /host=master/core-service=vault:add(vault-options={KEYSTORE_URL="/opt/jboss/jboss-eap-7.0/vault.keystore",KEYSTORE_PASSWORD="MASK-5dOaAVafCSd",KEYSTORE_ALIAS="vault",SALT="1234abcd",ITERATION_COUNT="120"}
Failed to get the list of the operation properties: "WFLYCTL0030: No resource definition is registered for address [ ("host" => "master"), ("core-service" => "vault") ]"
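Added example (not part of the posts above and not Red Hat's code): the vault-options given to core-service=vault:add have to describe the same keystore, alias, salt, iteration count and encrypted-file directory that vault.sh was run with, so a quick consistency check of the two command lines is a useful first step before chasing a VaultReaderException. The function names are hypothetical and the inputs are constructed, modelled on the commands in the post with the secrets replaced by placeholders.

```python
import re
import shlex

# vault.sh flag -> vault-options key that has to carry the same value
FLAG_TO_OPTION = {"--keystore": "KEYSTORE_URL", "--alias": "KEYSTORE_ALIAS",
                  "--salt": "SALT", "--iteration": "ITERATION_COUNT",
                  "--enc-dir": "ENC_FILE_DIR"}

def parse_vault_sh(cmd):
    """Return {flag: value} for a vault.sh command line."""
    tokens = shlex.split(cmd)
    return {f: v for f, v in zip(tokens, tokens[1:]) if f.startswith("--")}

def parse_vault_options(cli):
    """Return {KEY: value}; accepts both ("K" => "v") and K="v" CLI syntax."""
    return dict(re.findall(r'"?([A-Z_]+)"?\s*(?:=>|=)\s*"([^"]*)"', cli))

def diff_vault_config(vault_sh_cmd, cli_cmd):
    """List vault-options that are absent or differ from the vault.sh run."""
    created = parse_vault_sh(vault_sh_cmd)
    configured = parse_vault_options(cli_cmd)
    findings = []
    for flag, key in FLAG_TO_OPTION.items():
        want, got = created.get(flag), configured.get(key)
        if want is None:
            continue  # flag not given to vault.sh, nothing to compare
        if got is None:
            findings.append(f"{key}: not set, vault.sh used {want!r}")
        elif got != want:
            findings.append(f"{key}: {got!r} != vault.sh {want!r}")
    return findings

# Constructed inputs, modelled on the commands in the post; secrets replaced.
D = "/opt/jboss/jboss-eap-7.0"
VAULT_SH = (f"vault.sh --keystore {D}/vault/vault.keystore --keystore-password "
            "CHANGEME --alias vault --vault-block webmapDS --attribute password "
            f"--sec-attr CHANGEME --enc-dir {D}/vault/ --iteration 120 "
            "--salt 1234abcd")
CLI_TUPLES = (f'/core-service=vault:add(vault-options=[("KEYSTORE_URL" => '
              f'"{D}/vault/vault.keystore"),("KEYSTORE_PASSWORD" => "MASK-x"),'
              '("KEYSTORE_ALIAS" => "vault"),("SALT" => "1234abcd"),'
              f'("ITERATION_COUNT" => "120"),("ENC_FILE_DIR" => "{D}/vault/")])')
CLI_BRACES = (f'/core-service=vault:add(vault-options={{KEYSTORE_URL='
              f'"{D}/vault.keystore",KEYSTORE_PASSWORD="MASK-x",'
              'KEYSTORE_ALIAS="vault",SALT="1234abcd",ITERATION_COUNT="120"})')

if __name__ == "__main__":
    for name, cli in (("tuples", CLI_TUPLES), ("braces", CLI_BRACES)):
        print(name, diff_vault_config(VAULT_SH, cli) or "consistent")
```

An empty result only means the options agree with the vault.sh run; it does not verify the masked keystore password or file permissions on the keystore and encrypted-file directory.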
