Vault usage in a master-slave setup in EAP6

Solution Unverified - Updated -

Issue

  • There is a domain spreading two hosts and created an identical vault.jks on both hosts, then stored the exact same credential with the exact same salt, iteration count, etc in both stores, but received different values for the vault expression:-

    • host1:
    VAULT::block::attribute::YTZkYmUzODAtMGNjYy00NmFjLTkzZGMtYTRkN2U2ODkwZmE0TElORV9CUkVBS215YWxpYXM=
    
    • host2:
    VAULT::block::attribute::ZGVlNGJjMDItNzYzZS00ZjQ1LTk3MDktMzFmNDA2MWY5MmRjTElORV9CUkVBS215YWxpYXM=
    
    • When the first one is choosen ,The following exception on the second host takes place, since every EAP server instance is sharing one profile:-
    2013-01-15 22:02:05,381   [ServerService Thread Pool -- 48] ERROR org.jboss.as.controller.management-operation - JBAS014612: Operation ("enable") failed - address: ([
    ("subsystem" => "datasources"),
    ("data-source" => "java:jboss/jdbc/myDataSource")
    ]): java.lang.SecurityException: JBAS013311: Security Exception
    Caused by: org.jboss.security.vault.SecurityVaultException: PB00027: Vault Mismatch:Shared Key does not match for vault block:block and attributeName:attribute
    
  • Getting the following exception while starting the JBoss EAP after adding vault configuration using following CLI command :

/host=YOUR_HOST/core-service=vault:add(vault-options=[("KEYSTORE_URL" =>
"PATH_TO_KEYSTORE"), ("KEYSTORE_PASSWORD" => "MASKED_PASSWORD"),
("KEYSTORE_ALIAS" => "ALIAS"), ("SALT" => "SALT"),("ITERATION_COUNT" =>
"ITERATION_COUNT"), ("ENC_FILE_DIR" => "ENC_FILE_DIR")])

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.x

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.