How to use vault.sh on JBoss EAP cartridge of OpenShift

Solution In Progress - Updated -

Environment

  • OpenShift Enterprise
    • 2.0, 2.1

Issue

  • I'm looking for a way to encrypt the password of the LDAP login module in JBoss EAP on OpenShift Enterprise.
  • The EAP cartridge of OpenShift Enterprise doesn't have vault.sh in its bin directory.

Resolution

Using the JBoss Vault on OpenShift is not as simple as using the JBoss CLI, but it can still be used if you know where to find the necessary components, i.e. the script (/usr/share/jbossas/bin/vault.sh).

  • On OpenShift Enterprise, follow these steps.
  1. SSH to your application

    $ rhc ssh $YOUR_APP

  2. Create the keystore

    [dbtest-demo.openshift.example.com data]> keytool -genkey -alias vault -keystore $OPENSHIFT_DATA_DIR/vault.keystore -keyalg RSA -keysize 1024 -storepass vault22 -keypass vault22 -dname "CN=Picketbox vault,OU=picketbox,O=JBoss,L=chicago,ST=il,C=us"

  3. Execute vault.sh

    [dbtest-demo.openshift.example.com 53e9be82e659c51994000065]> cd $OPENSHIFT_DATA_DIR
    [dbtest-demo.openshift.example.com data]> /usr/share/jbossas/bin/vault.sh

    Please enter a Digit::   0: Start Interactive Session  1: Remove Interactive Session  2: Exit
    0
    Starting an interactive session
    Enter directory to store encrypted files:/var/lib/openshift/53e9be82e659c51994000065/app-root/data/
    Enter Keystore URL:/var/lib/openshift/53e9be82e659c51994000065/app-root/data/vault.keystore
    Enter Keystore password:
    Enter Keystore password again:
    Values match
    Enter 8 character salt:12345678
    Enter iteration count as a number (Eg: 44):50
    Enter Keystore Alias:vault
    Initializing Vault
    Aug 12, 2014 11:59:26 AM org.picketbox.plugins.vault.PicketBoxSecurityVault init
    INFO: PBOX000361: Default Security Vault Implementation Initialized and Ready
    Vault Configuration in AS7 config file:
    ********************************************
    <vault>
      <vault-option name="KEYSTORE_URL" value="/var/lib/openshift/53e9be82e659c51994000065/app-root/data/vault.keystore"/>
      <vault-option name="KEYSTORE_PASSWORD" value="MASK-5WNXs8oEbrs"/>
      <vault-option name="KEYSTORE_ALIAS" value="vault"/>
      <vault-option name="SALT" value="12345678"/>
      <vault-option name="ITERATION_COUNT" value="50"/>
      <vault-option name="ENC_FILE_DIR" value="/var/lib/openshift/53e9be82e659c51994000065/app-root/data/"/>
    </vault>
    ********************************************
    Vault is initialized and ready for use
    Handshake with Vault complete
    Please enter a Digit::   0: Store a secured attribute  1: Check whether a secured attribute exists  2: Exit
    0
    Task: Store a secured attribute
    Please enter secured attribute value (such as password):
    Please enter secured attribute value (such as password) again:
    Values match
    Enter Vault Block:example_block
    Enter Attribute Name:password_name
    Secured attribute value has been stored in vault.
    Please make note of the following:
    ********************************************
    Vault Block:example_block
    Attribute Name:password_name
    Configuration should be done as follows:
    VAULT::example_block::password_name::1
    ********************************************
    Please enter a Digit::   0: Store a secured attribute  1: Check whether a secured attribute exists  2: Exit
    2
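After vault.sh has run, two edits remain in the EAP configuration: the printed `<vault>` block goes into standalone.xml, and the LDAP login module's `bindCredential` module-option is changed from the plaintext password to the reference `${VAULT::example_block::password_name::1}`. The following script is an added example, not part of the Red Hat solution or of the EAP cartridge: it parses a standalone.xml and reports what a reviewer would check before restarting the gear, namely that the `<vault>` element is present with all six options, that `KEYSTORE_PASSWORD` is the `MASK-` value vault.sh printed rather than the real keystore password, that the keystore and encrypted-file directory sit under the gear's persistent `app-root/data` directory (the `$OPENSHIFT_DATA_DIR` the solution uses), and that no plaintext `bindCredential` is left behind. The sample XML is constructed for the example; the gear id `APPID` is a placeholder.

```python
"""Sanity-check the vault wiring in a JBoss EAP 6 standalone.xml.

Added example, not code from the Red Hat solution or the EAP cartridge.
It only inspects the XML; it does not read VAULT.dat or the keystore.
"""
import re
import xml.etree.ElementTree as ET

# The six vault-options vault.sh prints when the vault is initialized.
REQUIRED_VAULT_OPTIONS = {
    "KEYSTORE_URL", "KEYSTORE_PASSWORD", "KEYSTORE_ALIAS",
    "SALT", "ITERATION_COUNT", "ENC_FILE_DIR",
}
# Reference syntax in standalone.xml: ${VAULT::<block>::<attribute>::<shared key>}
VAULT_REF = re.compile(r"^\$\{VAULT::([^:}]+)::([^:}]+)::([^:}]+)\}$")
# module-options whose value is a secret and must not be plaintext (extend as needed)
SECRET_OPTIONS = {"bindCredential"}
# On OpenShift v2 the persistent gear directory ends in app-root/data/
PERSISTENT_DIR_MARKER = "/app-root/data/"


def localname(tag):
    """Strip the {namespace} prefix ElementTree puts on namespaced tags."""
    return tag.split("}", 1)[-1]


def check_vault_config(xml_text):
    """Return a list of findings (empty list means the wiring looks right)."""
    root = ET.fromstring(xml_text)
    findings = []

    vaults = [e for e in root.iter() if localname(e.tag) == "vault"]
    if not vaults:
        findings.append("no <vault> element: VAULT:: references cannot be resolved")
    else:
        opts = {o.get("name"): o.get("value", "")
                for o in vaults[0] if localname(o.tag) == "vault-option"}
        missing = REQUIRED_VAULT_OPTIONS - set(opts)
        if missing:
            findings.append("vault is missing options: " + ", ".join(sorted(missing)))
        pw = opts.get("KEYSTORE_PASSWORD", "")
        if pw and not pw.startswith("MASK-"):
            findings.append("KEYSTORE_PASSWORD is not masked (use the MASK- value printed by vault.sh)")
        for opt in ("KEYSTORE_URL", "ENC_FILE_DIR"):
            path = opts.get(opt, "")
            if path and PERSISTENT_DIR_MARKER not in path:
                findings.append(f"{opt} is outside app-root/data and will not persist on the gear")

    for mo in root.iter():
        if localname(mo.tag) != "module-option":
            continue
        name, value = mo.get("name"), mo.get("value") or ""
        if name not in SECRET_OPTIONS:
            continue
        if "VAULT::" in value:
            if not VAULT_REF.match(value):
                findings.append(
                    f"{name}: malformed vault reference {value!r} "
                    "(expected ${VAULT::block::attribute::N})")
        else:
            findings.append(f"{name}: plaintext credential in module-option")
    return findings


# Constructed sample: the <vault> block from the session above (gear id
# replaced by the placeholder APPID) plus an LDAP login module that still
# carries its plaintext bind password.
SAMPLE_BEFORE = """<server xmlns="urn:jboss:domain:1.5">
  <vault>
    <vault-option name="KEYSTORE_URL" value="/var/lib/openshift/APPID/app-root/data/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-5WNXs8oEbrs"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <vault-option name="SALT" value="12345678"/>
    <vault-option name="ITERATION_COUNT" value="50"/>
    <vault-option name="ENC_FILE_DIR" value="/var/lib/openshift/APPID/app-root/data/"/>
  </vault>
  <profile>
    <subsystem xmlns="urn:jboss:domain:security:1.2">
      <security-domains>
        <security-domain name="ldap-domain">
          <authentication>
            <login-module code="LdapExtended" flag="required">
              <module-option name="bindDN" value="cn=admin,dc=example,dc=com"/>
              <module-option name="bindCredential" value="plaintext-secret"/>
            </login-module>
          </authentication>
        </security-domain>
      </security-domains>
    </subsystem>
  </profile>
</server>"""

# The same file after the bind password is replaced by the vault reference.
SAMPLE_AFTER = SAMPLE_BEFORE.replace(
    'value="plaintext-secret"',
    'value="${VAULT::example_block::password_name::1}"')

if __name__ == "__main__":
    for label, xml in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_vault_config(xml) or "OK")
```

Run it against the gear's copy of standalone.xml (under `$OPENSHIFT_HOMEDIR/jbosseap/standalone/configuration/` on the EAP cartridge, an assumption about the cartridge layout) before restarting; an empty result means the vault block and the reference are in place and no plaintext bind password remains in the security domain.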

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
