10.11.3. Mask the Keystore Password and Initialize the Password Vault
EAP_HOME/bin/vault.shapplication needs to be accessible via a command-line interface.
EAP_HOME/bin/vault.sh. Start a new interactive session by typing
Enter the directory where encrypted files will be stored.This directory should be reasonably secure, but JBoss EAP 6 needs to be able to access it. If you followed Section 10.11.2, “Create a Java Keystore to Store Sensitive Strings”, your keystore is in a directory called
vault/in your home directory. This example uses the directory
NoteDo not forget to include the trailing slash on the directory name. Either use
\, depending on your operating system.
Enter the path to the keystore.Enter the full path to the keystore file. This example uses
Encrypt the keystore password.The following steps encrypt the keystore password, so that you can use it in configuration files and applications securely.
Enter the keystore password.When prompted, enter the keystore password.
Enter a salt value.Enter an 8-character salt value. The salt value, together with the iteration count (below), are used to create the hash value.
Enter the iteration count.Enter a number for the iteration count.
Make a note of the masked password information.The masked password, the salt, and the iteration count are printed to standard output. Make a note of them in a secure location. An attacker could use them to decrypt the password.
Enter the alias of the vault.When prompted, enter the alias of the vault. If you followed Section 10.11.2, “Create a Java Keystore to Store Sensitive Strings” to create your vault, the alias is
Exit the interactive console.Type
2to exit the interactive console.
Your keystore password has been masked for use in configuration files and deployments. In addition, your vault is fully configured and ready to use.