Vault usage in a master-slave setup in EAP6

Solution Unverified - Updated -

Issue

  • A domain spans two hosts. An identical vault.jks was created on both hosts, and the exact same credential was stored with the exact same salt, iteration count, etc. in both stores, but each host returned a different value for the vault expression:

    • host1:
    VAULT::block::attribute::YTZkYmUzODAtMGNjYy00NmFjLTkzZGMtYTRkN2U2ODkwZmE0TElORV9CUkVBS215YWxpYXM=
    
    • host2:
    VAULT::block::attribute::ZGVlNGJjMDItNzYzZS00ZjQ1LTk3MDktMzFmNDA2MWY5MmRjTElORV9CUkVBS215YWxpYXM=
    
    • When the first one is chosen, the following exception occurs on the second host, since every EAP server instance shares one profile:
    2013-01-15 22:02:05,381   [ServerService Thread Pool -- 48] ERROR org.jboss.as.controller.management-operation - JBAS014612: Operation ("enable") failed - address: ([
    ("subsystem" => "datasources"),
    ("data-source" => "java:jboss/jdbc/myDataSource")
    ]): java.lang.SecurityException: JBAS013311: Security Exception
    Caused by: org.jboss.security.vault.SecurityVaultException: PB00027: Vault Mismatch:Shared Key does not match for vault block:block and attributeName:attribute
    
  • The following exception is received while starting JBoss EAP after adding the vault configuration using the following CLI command:

/host=YOUR_HOST/core-service=vault:add(vault-options=[("KEYSTORE_URL" =>
"PATH_TO_KEYSTORE"), ("KEYSTORE_PASSWORD" => "MASKED_PASSWORD"),
("KEYSTORE_ALIAS" => "ALIAS"), ("SALT" => "SALT"),("ITERATION_COUNT" =>
"ITERATION_COUNT"), ("ENC_FILE_DIR" => "ENC_FILE_DIR")])
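
To see where the host1 and host2 expressions above differ, the last field of each can be Base64-decoded and compared. This is an added diagnostic example, not part of the original article or of JBoss EAP; the function names are hypothetical, and the token layout (a UUID-shaped prefix, the literal LINE_BREAK, then the alias) is an assumption read off the decoded values on this page.

```python
import base64
import uuid

SEPARATOR = "LINE_BREAK"  # literal seen inside the decoded tokens on this page

# The two expressions exactly as reported in the Issue section.
HOST1 = ("VAULT::block::attribute::"
         "YTZkYmUzODAtMGNjYy00NmFjLTkzZGMtYTRkN2U2ODkwZmE0TElORV9CUkVBS215YWxpYXM=")
HOST2 = ("VAULT::block::attribute::"
         "ZGVlNGJjMDItNzYzZS00ZjQ1LTk3MDktMzFmNDA2MWY5MmRjTElORV9CUkVBS215YWxpYXM=")


def parse_vault_expression(expr):
    """Split VAULT::<block>::<attribute>::<token> and decode the token."""
    parts = expr.strip().split("::")
    if len(parts) != 4 or parts[0] != "VAULT":
        raise ValueError("not a 4-part VAULT:: expression: %r" % expr)
    _, block, attribute, token = parts
    # validate=True rejects stray characters instead of silently skipping them
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    prefix, sep, alias = decoded.partition(SEPARATOR)
    if not sep:
        raise ValueError("decoded token has no %s separator" % SEPARATOR)
    try:
        uuid.UUID(prefix)
        prefix_is_uuid = True
    except ValueError:
        prefix_is_uuid = False
    return {"block": block, "attribute": attribute, "prefix": prefix,
            "prefix_is_uuid": prefix_is_uuid, "alias": alias}


def differing_fields(expr_a, expr_b):
    """Return the names of the parsed fields that differ between two expressions."""
    a = parse_vault_expression(expr_a)
    b = parse_vault_expression(expr_b)
    return sorted(key for key in a if a[key] != b[key])


if __name__ == "__main__":
    for name, expr in (("host1", HOST1), ("host2", HOST2)):
        print(name, parse_vault_expression(expr))
    print("fields that differ:", differing_fields(HOST1, HOST2))
```

Both expressions decode to the same block, attribute and alias and differ only in the UUID-shaped prefix, which is consistent with the "Shared Key does not match" error raised on the second host.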

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x
