[v1] Encryption for system properties?

Steve G

Feb 8, 2016, 11:31:10 AM
to fabric8
Hi all,

We have a v1 system where we have had to enable SSL, and some attributes related to that are kept encrypted at the profile level.  For instance, javax.net.ssl.keyStorePassword is defined in the io.fabric8.agent.properties profile as:

  system.javax.net.ssl.keyStorePassword=${crypt:some-encrypted-value}

This works to encrypt the value inside hawtio, but inside the running containers, it still results in the plaintext value written to etc/system.properties (I assume as a function of the ContainerProviderUtils in fabric-core writing all system properties in options out to that file, and the EncryptedPropertyResolver having decoded the crypt value).

Is there any way for us to get the encrypted value all the way to the file level, so that it is not shown in plaintext at any level?  This is tricky for the KS/TS parameters as they must be set very early in the JVM initialization, so moving them out of system properties and into something else that requires postprocessing would probably not let us set the parameters in time.

Thanks,
Steve
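
A defensive check for the exposure described in this post, added here as an example and not part of the thread or of fabric8's own code: it scans properties text such as a container's etc/system.properties and reports sensitive keys whose value is not a ${crypt:...} placeholder, without echoing the values. The key-name pattern, the function names and the sample content are assumptions constructed for illustration.

```python
import re

# Assumption: key names containing these words hold secrets.
SENSITIVE_KEY = re.compile(r"pass(word|phrase)|secret", re.IGNORECASE)
# The ${crypt:...} placeholder form shown in the post above.
CRYPT_VALUE = re.compile(r"^\$\{crypt:[^}]+\}$")


def parse_properties(text):
    """Yield (line_no, key, value) from Java .properties text (comments,
    '='/':'/space separators, line continuations; escapes are kept raw)."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        start, line = i + 1, lines[i].lstrip()
        i += 1
        if not line or line[0] in "#!":
            continue
        # An odd number of trailing backslashes continues onto the next line.
        while (len(line) - len(line.rstrip("\\"))) % 2 == 1 and i < len(lines):
            line = line[:-1] + lines[i].lstrip()
            i += 1
        m = re.match(r"((?:\\.|[^\s=:\\])+)\s*[=:]?\s*(.*)$", line)
        if m:
            yield start, m.group(1), m.group(2).rstrip()


def plaintext_secrets(text):
    """Return (line_no, key) for sensitive keys whose value is not a
    crypt placeholder. Values are never returned or printed."""
    return [
        (no, key)
        for no, key, value in parse_properties(text)
        if SENSITIVE_KEY.search(key) and value and not CRYPT_VALUE.match(value)
    ]


# Constructed sample standing in for a container's etc/system.properties.
SAMPLE = """\
# constructed example, not taken from a real container
karaf.name = child1
javax.net.ssl.keyStore = /opt/certs/keystore.jks
javax.net.ssl.keyStorePassword=not-a-real-password
javax.net.ssl.trustStorePassword=${crypt:constructed-ciphertext}
"""

if __name__ == "__main__":
    for no, key in plaintext_secrets(SAMPLE):
        print(f"line {no}: {key} is stored in plaintext")
```

Run against the real file, a non-empty result means the decoded value has reached disk, so the file's permissions and any backups or images that include it need the same protection as the keystore itself.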

Claus Ibsen

Feb 11, 2016, 6:37:02 AM
to Steve G, fabric8
Hi

This mailing list is mostly about the new v2 version of fabric8.

However, I would suggest getting in touch with the JBoss Fuse team to
discuss this. Maybe they could ENH v1 and write the encrypted option
value instead of the plain text somehow.

You are also welcome to dive into the source code to see if you can
come up with a solution. The v1 source is at JBoss Fuse at:
https://github.com/jboss-fuse/fabric8

If you have a JBoss Fuse subscription then I suggest using that as a
way of getting attention to this, as you can use the Red Hat customer
portal to add requests for new features and get help with the JBoss
Fuse product.

--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2