8.3. 在 Karaf 上设置 Fuse Credential Store

使用 credential-store:create 命令创建凭证存储：

karaf@root()> credential-store:create -a location=credential.store -k password="my password" -k algorithm=masked-MD5-DES
In order to use this credential store set the following environment variables
Variable                              | Value
------------------------------------------------------------------------------------------------------------------------
CREDENTIAL_STORE_PROTECTION_ALGORITHM | masked-MD5-DES
CREDENTIAL_STORE_PROTECTION_PARAMS    | MDkEKXNvbWVhcmJpdHJhcnljcmF6eXN0cmluZ3RoYXRkb2Vzbm90bWF0dGVyAgID6AQIsUOEqvog6XI=
CREDENTIAL_STORE_PROTECTION           | Sf6sYy7gNpygs311zcQh8Q==
CREDENTIAL_STORE_ATTR_location        | credential.store
Or simply use this:
export CREDENTIAL_STORE_PROTECTION_ALGORITHM=masked-MD5-DES
export CREDENTIAL_STORE_PROTECTION_PARAMS=MDkEKXNvbWVhcmJpdHJhcnljcmF6eXN0cmluZ3RoYXRkb2Vzbm90bWF0dGVyAgID6AQIsUOEqvog6XI=
export CREDENTIAL_STORE_PROTECTION=Sf6sYy7gNpygs311zcQh8Q==
export CREDENTIAL_STORE_ATTR_location=credential.store

这应该是 用于存储 secret 的 JCEKS KeyStore 文件。

退出 Karaf 容器：

karaf@root()> logout

设置创建凭证存储时显示的环境变量：

$ export CREDENTIAL_STORE_PROTECTION_ALGORITHM=masked-MD5-DES
$ export CREDENTIAL_STORE_PROTECTION_PARAMS=MDkEKXNvbWVhcmJpdHJhcnljcmF6eXN0cmluZ3RoYXRkb2Vzbm90bWF0dGVyAgID6AQIsUOEqvog6XI=
$ export CREDENTIAL_STORE_PROTECTION=Sf6sYy7gNpygs311zcQh8Q==
$ export CREDENTIAL_STORE_ATTR_location=credential.store

启动 Karaf 容器：

bin/karaf

使用 credential-store:store 将 secret 添加到凭证存储中：

karaf@root()> credential-store:store -a javax.net.ssl.keyStorePassword -s "alias is set"
Value stored in the credential store to reference it use: CS:javax.net.ssl.keyStorePassword

再次退出 Karaf 容器：

karaf@root()> logout

再次运行 Karaf 容器，指定对 secret 的引用，而不是值：

$ EXTRA_JAVA_OPTS="-Djavax.net.ssl.keyStorePassword=CS:javax.net.ssl.keyStorePassword" bin/karaf