JBoss 7: encrypting the data source password with the vault
Today, a project customer raised an audit requirement: the database password cannot be stored in plain text in files. Of course, the product uses the JBoss container and the standard encryption method provided by JBoss; see my other article:
http://blog.csdn.net/iberr/article/details/40896479
At that time, I happily told the customer that there was no problem!
The problem is that this product is a new version, which already encrypts the database password... not with the common encryption method, but with an encrypted key file. After consulting the product support, I understood it. I still have many questions that I do not understand.
No matter how many keys are generated
First, configure the Jboss7 data source as follows:
<datasource enabled="true" jndi-name="java:/jdbc/PRD1_WH1" jta="true" pool-name="jdbc/PRD1_WH1" use-java-context="true">
    <connection-url>jdbc:oracle:thin:@wmsdb:1521:SCPRD</connection-url>
    <driver>infor10</driver>
    <pool>
        <min-pool-size>1</min-pool-size>
        <max-pool-size>100</max-pool-size>
        <use-strict-min>true</use-strict-min>
    </pool>
    <security>
        <user-name>enterprise</user-name>
        <password>${VAULT::jdbc/PRD1_WH1::password::ZDBiODM4OTktMTkxMy00YjExLTllNWUtYWJmZTA1ZTY2N2Y4TElORV9CUkVBS3ZhdWx0}</password>
    </security>
    <new-connection-sql>ALTER SESSION SET NLS_DATE_FORMAT = 'yyyy/mm/dd hh24:mi:ss'</new-connection-sql>
</datasource>
Look at the <password> node: it is completely different from the standard encryption method provided by JBoss.
There is a key file in the same directory as the data source configuration file.
So the question is, how can we change it?
Run {jboss-home}/bin/vault.bat (or vault.sh):
Select 0
At this point, the tool asks for the directory of the encrypted files. As mentioned above, it is the same directory as the data source configuration file, so enter {jboss-home}/{server}/configuration/
When prompted for the key file path, enter {jboss-home}/{server}/configuration/vault.keystore.
Other prompts, such as the one for the key password, may be related to how the key was generated.
The system then prompts you to enter the key alias, which is also set when the key is generated (if it is entered incorrectly, the subsequent steps cannot be performed).
If the interface above is displayed, all the preceding operations were successful. You can now start generating the ciphertext: select 0.
Note: ${VAULT::[Vault Block]::[Attribute Name]::[Attribute Name]}
Once generation is complete, replace the string in the data source with the newly generated one:
<datasource enabled="true" jndi-name="java:/jdbc/PRD1_WH1" jta="true" pool-name="jdbc/PRD1_WH1" use-java-context="true">
    <connection-url>jdbc:oracle:thin:@wmsdb:1521:SCPRD</connection-url>
    <driver>infor10</driver>
    <pool>
        <min-pool-size>1</min-pool-size>
        <max-pool-size>100</max-pool-size>
        <use-strict-min>true</use-strict-min>
    </pool>
    <security>
        <user-name>enterprise</user-name>
        <password>${VAULT::testBlock::password::NGRmZWZiZjItOTgxYS00NWZiLWI0NTktMDQ4YTQzZjdlNTJlTElORV9CUkVBS3ZhdWx0}</password>
    </security>
    <new-connection-sql>ALTER SESSION SET NLS_DATE_FORMAT = 'yyyy/mm/dd hh24:mi:ss'</new-connection-sql>
</datasource>
I hope you can complete the discussion.
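An added example, not part of the original post or of JBoss: a Python audit check for the customer requirement above, reporting every data source whose <password> is plain text rather than a ${VAULT::...} reference. The sample XML, the second data source and the function names are constructed for illustration; the script also base64-decodes the fourth field of the reference to show that it is a handle string, not the password.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Reference shape used on this page: ${VAULT::block::attribute::fourth-field}
VAULT_REF = re.compile(r"^\$\{VAULT::([^:}]+)::([^:}]+)::([^:}]+)\}$")

# Constructed sample: the first password is the reference shown on this page,
# the second is a made-up plaintext value that the audit should flag.
SAMPLE = """<datasources xmlns="urn:jboss:domain:datasources:1.0">
  <datasource jndi-name="java:/jdbc/PRD1_WH1"><security><user-name>enterprise</user-name>
    <password>${VAULT::jdbc/PRD1_WH1::password::ZDBiODM4OTktMTkxMy00YjExLTllNWUtYWJmZTA1ZTY2N2Y4TElORV9CUkVBS3ZhdWx0}</password></security></datasource>
  <datasource jndi-name="java:/jdbc/EXAMPLE"><security><user-name>app</user-name>
    <password>Constructed-Plaintext-1</password></security></datasource>
</datasources>"""

def local(tag):
    """Strip the XML namespace so namespaced server configs are handled too."""
    return tag.rsplit("}", 1)[-1]

def audit_datasources(xml_text):
    """Return one finding per <datasource>: vault, plaintext or no-password."""
    findings = []
    for ds in ET.fromstring(xml_text).iter():
        if local(ds.tag) != "datasource":
            continue
        name = ds.get("jndi-name", "?")
        pw = next((e for e in ds.iter() if local(e.tag) == "password"), None)
        value = (pw.text or "").strip() if pw is not None else ""
        m = VAULT_REF.match(value)
        if m:
            block, attr, field4 = m.groups()
            try:  # the fourth field is base64 text, not ciphertext
                handle = base64.b64decode(field4, validate=True).decode("ascii")
            except (ValueError, UnicodeDecodeError):
                handle = None
            findings.append({"jndi": name, "status": "vault", "block": block,
                             "attribute": attr, "handle": handle})
        else:
            findings.append({"jndi": name,
                             "status": "plaintext" if value else "no-password"})
    return findings

if __name__ == "__main__":
    for finding in audit_datasources(SAMPLE):
        print(finding)
```

Because the fourth field decodes to a handle only, the protection of the password rests on vault.keystore and the encrypted-file directory, so access to {jboss-home}/{server}/configuration/ should be restricted to the account that runs the server.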