You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Create vault

# create java keystore (for vault encription)
keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -storepass password -validity 730 -keystore vault.keystore
# create vault
vault.sh -e /path/to/vault -k /path/to/vault.keystore -p password -i 64 -s salt8chr -b init -a init -c	
# add password to vault
vault.sh -e /path/to/vault -k /path/to/vault.keystore -p secret -i 64 -s salt8chr -b DATABASE -a DBUSER_PASSWORD -x password

Enable vault

host.xml
<host name="jboss1.example.com" xmlns="urn:jboss:domain:1.5">
..
 <vault>
    <vault-option name="KEYSTORE_URL" value="/path/to/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-113kk./wNc/mH4F409CbNp"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <vault-option name="SALT" value="salt8chr"/>
    <vault-option name="ITERATION_COUNT" value="64"/>
    <vault-option name="ENC_FILE_DIR" value="/path/to/"/>
</vault>

 

Use vault

${VAULT::DATABASE::DBUSER_PASSWORD::1} instead of "password" in jboss configuration

 

 

  • No labels

Site may be often unavailable due to Russian invasion, but you can Help Ukraine