Create vault
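# Create the Java keystore (JCEKS) holding the AES secret key used for vault encryption.
# 'password' and 'salt8chr' are sample values; substitute your own.
# Passwords given as arguments end up in shell history and are visible in the
# process list. Omit -storepass to have keytool prompt for it instead.
# The keystore is written to the same path the vault.sh calls below read it from.
keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 \
    -storepass password -validity 730 -keystore /path/to/vault.keystore

# Create (initialise) the vault.
#   -e  directory holding the encrypted vault files
#   -k  keystore created above
#   -p  KEYSTORE password: must be the -storepass value used with keytool
#   -i  iteration count, -s salt (8 characters); both are repeated in host.xml
#   -b  vault block, -a attribute name, -c check whether the attribute exists
# Running vault.sh with no arguments starts an interactive session that prompts
# for these values, which keeps the passwords off the command line.
vault.sh -e /path/to/vault -k /path/to/vault.keystore -p password -i 64 -s salt8chr \
    -b init -a init -c

# Add a password to the vault.
# -x is the secret being stored (here the database user's password).
# -p is still the keystore password, not the secret.
vault.sh -e /path/to/vault -k /path/to/vault.keystore -p password -i 64 -s salt8chr \
    -b DATABASE -a DBUSER_PASSWORD -x password

# Check that the password is in the vault.
vault.sh -e /path/to/vault -k /path/to/vault.keystore -p password -i 64 -s salt8chr \
    -b DATABASE -a DBUSER_PASSWORD -c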
Enable vault
host.xml
<host name="jboss1.example.com" xmlns="urn:jboss:domain:1.5">
    ..
    <!-- Vault settings for this host. The values must match the ones used
         when the keystore and vault were created with keytool and vault.sh. -->
    <vault>
        <!-- Keystore file: the path given to vault.sh with -k. -->
        <vault-option name="KEYSTORE_URL" value="/path/to/vault.keystore"/>
        <!-- Masked keystore password (MASK- prefix). Presumably the value
             vault.sh prints once the vault is created; confirm.
             Masking is obfuscation only: it can be reversed using the SALT
             and ITERATION_COUNT stored next to it, so restrict read access
             to this file and to the keystore. -->
        <vault-option name="KEYSTORE_PASSWORD" value="MASK-113kk./wNc/mH4F409CbNp"/>
        <!-- Alias of the secret key: the keytool -alias value. -->
        <vault-option name="KEYSTORE_ALIAS" value="vault"/>
        <!-- Same salt and iteration count as passed to vault.sh with -s and -i. -->
        <vault-option name="SALT" value="salt8chr"/>
        <vault-option name="ITERATION_COUNT" value="64"/>
        <!-- NOTE(review): the vault.sh commands on this page use
             -e /path/to/vault, but this points at /path/to/. Both should
             name the directory that holds the vault files; verify. -->
        <vault-option name="ENC_FILE_DIR" value="/path/to/"/>
    </vault>
Use vault
Use ${VAULT::DATABASE::DBUSER_PASSWORD::1} in place of the plaintext "password" wherever it would otherwise appear in the JBoss configuration.