JBoss 7: encrypting the data source password with the vault

Source: Internet
Author: User


Today, a project customer put forward an audit requirement that the database password cannot be stored in plain text in files. Of course, the product uses the JBoss container and the standard encryption method provided by JBoss; see my other article:

http://blog.csdn.net/iberr/article/details/40896479


At that time, I happily told the customer that there was no problem!

The problem is that this product is a new version, and the way it encrypts the database password is not the common encryption method but an encrypted key file. After consulting the product support, I understood it. I have many questions and do not understand them.


No matter how many keys are generated


First, configure the Jboss7 data source as follows:

<datasource enabled="true" jndi-name="java:/jdbc/PRD1_WH1" jta="true" pool-name="jdbc/PRD1_WH1" use-java-context="true">
    <connection-url>jdbc:oracle:thin:@wmsdb:1521:SCPRD</connection-url>
    <driver>infor10</driver>
    <pool>
        <min-pool-size>1</min-pool-size>
        <max-pool-size>100</max-pool-size>
        <use-strict-min>true</use-strict-min>
    </pool>
    <security>
        <user-name>enterprise</user-name>
        <password>${VAULT::jdbc/PRD1_WH1::password::ZDBiODM4OTktMTkxMy00YjExLTllNWUtYWJmZTA1ZTY2N2Y4TElORV9CUkVBS3ZhdWx0}</password>
    </security>
    <new-connection-sql>ALTER SESSION SET NLS_DATE_FORMAT = 'yyyy/mm/dd hh24:mi:ss'</new-connection-sql>
</datasource>

Look at the <password> node: it is completely different from the standard encryption method provided by JBoss.

There is a key file in the same directory as the data source configuration file.



So the question is, how can we change it?

Run {jboss-home}/bin/vault.bat or vault.sh:


Select 0


At this point, the tool asks for the directory of the encryption file. As mentioned above, it is in the same directory as the data source configuration file, so enter {jboss-home}/{server}/configuration/


Next, enter the key file path: {jboss-home}/{server}/configuration/vault.keystore


The other prompts, such as entering the key password, may be related to how the key was generated.



The system then prompts you to enter the key alias, which is also set when the key is generated (if it is entered incorrectly, the subsequent steps cannot be performed).


If the above interface is displayed, it indicates that all the preceding operations are successful. You can start to generate the ciphertext. Select 0.



Note: ${VAULT::[Vault Block]::[Attribute Name]::[Attribute Name]}

After the generation is complete, replace the password string in the data source with the newly generated string:

<datasource enabled="true" jndi-name="java:/jdbc/PRD1_WH1" jta="true" pool-name="jdbc/PRD1_WH1" use-java-context="true">
    <connection-url>jdbc:oracle:thin:@wmsdb:1521:SCPRD</connection-url>
    <driver>infor10</driver>
    <pool>
        <min-pool-size>1</min-pool-size>
        <max-pool-size>100</max-pool-size>
        <use-strict-min>true</use-strict-min>
    </pool>
    <security>
        <user-name>enterprise</user-name>
        <password>${VAULT::testBlock::password::NGRmZWZiZjItOTgxYS00NWZiLWI0NTktMDQ4YTQzZjdlNTJlTElORV9CUkVBS3ZhdWx0}</password>
    </security>
    <new-connection-sql>ALTER SESSION SET NLS_DATE_FORMAT = 'yyyy/mm/dd hh24:mi:ss'</new-connection-sql>
</datasource>
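
For the audit requirement that started this, a check that every data source password in a configuration file is a vault reference rather than plain text. This is an added example, not code from the article or from JBoss; the sample XML, the jdbc/DEMO data source and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Shape of the page's <password> values: ${VAULT::block::attribute::base64-token}
VAULT_REF = re.compile(r"^\$\{VAULT::([^:]+)::([^:]+)::([A-Za-z0-9+/=]+)\}$")

# Constructed sample: the first entry mirrors the page's data source, the
# second carries a made-up plaintext password that the audit should flag.
SAMPLE = """<datasources>
  <datasource pool-name="jdbc/PRD1_WH1">
    <security>
      <user-name>enterprise</user-name>
      <password>${VAULT::testBlock::password::NGRmZWZiZjItOTgxYS00NWZiLWI0NTktMDQ4YTQzZjdlNTJlTElORV9CUkVBS3ZhdWx0}</password>
    </security>
  </datasource>
  <datasource pool-name="jdbc/DEMO">
    <security>
      <user-name>demo</user-name>
      <password>constructed-plaintext</password>
    </security>
  </datasource>
</datasources>"""

def local(tag):
    """Drop the XML namespace so a namespaced standalone.xml also matches."""
    return tag.rsplit("}", 1)[-1]

def audit_passwords(xml_text):
    """Return (pool name, status, vault block, attribute) per <datasource>."""
    findings = []
    for ds in ET.fromstring(xml_text).iter():
        if local(ds.tag) != "datasource":
            continue
        pw = next((e for e in ds.iter() if local(e.tag) == "password"), None)
        value = (pw.text or "").strip() if pw is not None else ""
        ref = VAULT_REF.match(value)
        if ref:
            findings.append((ds.get("pool-name"), "vault", ref.group(1), ref.group(2)))
        elif value:
            findings.append((ds.get("pool-name"), "PLAINTEXT", None, None))
        else:
            findings.append((ds.get("pool-name"), "no-password", None, None))
    return findings

if __name__ == "__main__":
    for finding in audit_passwords(SAMPLE):
        print(finding)
```

A vault reference only moves the secret: the keystore and vault files in the configuration directory still need restrictive file permissions for the audit finding to be closed in substance.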


I hope you can complete the discussion.



