Show Table of Contents
7.9. Use an Encrypted Sensitive String in Configuration
Any sensitive string which has been encrypted can be used in a configuration file or Management CLI command in its masked form, providing expressions are allowed.
To confirm if expressions are allowed within a particular subsystem, run the following Management CLI command against that subsystem.
Note
Add the prefix
/host=HOST_NAME to the command for a managed domain.
/core-service=SUBSYSTEM:read-resource-description(recursive=true)
Example 7.8. List the Description of all Resources in the Management Subsystem
/core-service=management:read-resource-description(recursive=true)
From the output of running this command, look for the value of the
expressions-allowed parameter. If this is true, then you can use expressions within the configuration of this subsystem.
Use the following syntax to replace any plaintext string with the masked form.
${VAULT::VAULT_BLOCK::ATTRIBUTE_NAME::MASKED_STRING}Example 7.9. Datasource Definition Using a Password in Masked Form
In this example the vault block is
ds_ExampleDS and the attribute is password.
...
<subsystem xmlns="urn:jboss:domain:datasources:1.0">
<datasources>
<datasource jndi-name="java:jboss/datasources/ExampleDS" enabled="true" use-java-context="true" pool-name="H2DS">
<connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>
<driver>h2</driver>
<pool></pool>
<security>
<user-name>sa</user-name>
<password>${VAULT::ds_ExampleDS::password::1}</password>
</security>
</datasource>
<drivers>
<driver name="h2" module="com.h2database.h2">
<xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
...

Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.