Create vault
Code Block |
---|
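# All paths, passwords and the salt below are placeholder values: replace them.
# NOTE: passwords passed as arguments are recorded in shell history and are
# visible in the process list while the command runs. keytool prompts for the
# store password when -storepass is omitted; on shared hosts prefer the prompt.
# The keystore and the vault directory should be readable only by the account
# that runs JBoss.

# create java keystore (for vault encryption)
# AES-128 is kept from the original example; a larger -keysize may be possible
# depending on the JRE's crypto policy (confirm for your environment).
keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 \
    -storepass password -validity 730 -keystore /path/to/vault.keystore

# create vault
# -k and -p must refer to the keystore created above, and -k, -s, -i and -e must
# agree with the KEYSTORE_URL, SALT, ITERATION_COUNT and ENC_FILE_DIR
# vault-options in the host configuration. The salt must be exactly 8 characters.
vault.sh -e /path/to/vault -k /path/to/vault.keystore -p password \
    -i 64 -s salt8chr -b init -a init -c

# add password to vault
# Same keystore, keystore password, salt and iteration count as above;
# -x is the secret being stored (here the database user's password).
vault.sh -e /path/to/vault -k /path/to/vault.keystore -p password \
    -i 64 -s salt8chr -b DATABASE -a DBUSER_PASSWORD -x password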
Enable vault
Code Block | ||
---|---|---|
| ||
<host name="jboss1.example.com" xmlns="urn:jboss:domain:1.5">
..
<!-- Vault definition for this host. Every value here must match what was
     passed to keytool and vault.sh when the keystore and vault were created. -->
<vault>
<!-- Location of the JCEKS keystore that holds the vault's secret key. -->
<vault-option name="KEYSTORE_URL" value="/path/to/vault.keystore"/>
<!-- NOTE(review): a MASK- value is the keystore password in masked form, not
     an encrypted secret. The SALT and ITERATION_COUNT used for the masking are
     stored in this same file, so anyone who can read this file and the
     keystore can recover the password. Restrict file permissions on both. -->
<vault-option name="KEYSTORE_PASSWORD" value="MASK-113kk./wNc/mH4F409CbNp"/>
<!-- Alias of the secret key inside the keystore. -->
<vault-option name="KEYSTORE_ALIAS" value="vault"/>
<!-- Salt (8 characters) and iteration count given to vault.sh. -->
<vault-option name="SALT" value="salt8chr"/>
<vault-option name="ITERATION_COUNT" value="64"/>
<!-- NOTE(review): presumably this must be the directory given to vault.sh -e;
     the example commands on this page use /path/to/vault, so confirm which
     path is intended. -->
<vault-option name="ENC_FILE_DIR" value="/path/to/"/>
</vault> |
Use vault
Code Block |
---|
Use ${VAULT::DATABASE::DBUSER_PASSWORD::1} in place of the plain-text "password" value in the JBoss configuration. |