Credential Store to replace keystore password


Shwetabh Srijan

Jan 25, 2023, 10:20:39 AM
to WildFly
Earlier we were using Password Vault where after vault creation, substitution for the keystore password was simple.

keystore-password simply had this field - “${VAULT::abcVault::xyzKeystorePass::1}”

Now we are moving to Credential Store. After store creation using the elytron tool command, I am unable to figure out how this will replace the keystore-password field within the security-realm tag.

My hosts.xml Security realm looks something like below:

<security-realm name="xxxRealm">
    <server-identities>
        <ssl>
            <keystore path="${abc}/keystore/xyz.keystore" keystore-password="abcdef" alias="abcz" key-password="xyzxx"/>
        </ssl>
    </server-identities>
    <authentication>
        <truststore path="${abc}/keystore/xyz.keystore" keystore-password="abcdef"/>
    </authentication>
</security-realm>

Cameron Rodriguez

Jan 25, 2023, 1:25:34 PM
to Shwetabh Srijan, WildFly
Hi Shwetabh,

When you migrate the configuration of the key store, there is a new element "<credential-reference>" which will let you reference the credential store. You can see an example of how to use this with the management CLI, in the Elytron docs on credential stores: https://docs.wildfly.org/27/WildFly_Elytron_Security.html#management-model-references

You might also find the notes on migrating an SSL context helpful: https://docs.wildfly.org/27/WildFly_Elytron_Security.html#Simple_SSL_Migration

Best,

--
Cameron Rodriguez (he/him)
Software Engineering Intern
WildFly Elytron
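
An added illustration, not written by either poster and not taken from the WildFly documentation, of how the `<credential-reference>` element mentioned in the reply takes the place of the `keystore-password` and `key-password` attributes once the realm from the question is expressed as Elytron `tls` resources. It assumes a credential store named `exampleStore` is already defined in the Elytron subsystem, that the key store is of type JKS, and that the store holds the aliases `xyzKeystorePass` and `xyzKeyPass`; those names and the resource names `xyzKS`, `xyzKM`, `xyzTM` and `xyzSSC` are hypothetical.

```xml
<!-- Added example. Hypothetical names: exampleStore, xyzKS, xyzKM, xyzTM, xyzSSC,
     and the aliases xyzKeystorePass / xyzKeyPass. The file path and the key alias
     "abcz" are taken from the question; type="JKS" is an assumption. -->
<tls>
    <key-stores>
        <!-- Replaces keystore-password="abcdef": the password is resolved from the
             credential store by alias instead of being written in the XML. -->
        <key-store name="xyzKS">
            <credential-reference store="exampleStore" alias="xyzKeystorePass"/>
            <implementation type="JKS"/>
            <file path="${abc}/keystore/xyz.keystore"/>
        </key-store>
    </key-stores>
    <key-managers>
        <!-- Replaces key-password="xyzxx"; alias-filter selects the "abcz" entry. -->
        <key-manager name="xyzKM" key-store="xyzKS" alias-filter="abcz">
            <credential-reference store="exampleStore" alias="xyzKeyPass"/>
        </key-manager>
    </key-managers>
    <trust-managers>
        <!-- The truststore in the question points at the same file with the same
             password, so the trust manager reuses the key store defined above. -->
        <trust-manager name="xyzTM" key-store="xyzKS"/>
    </trust-managers>
    <server-ssl-contexts>
        <server-ssl-context name="xyzSSC" key-manager="xyzKM" trust-manager="xyzTM"/>
    </server-ssl-contexts>
</tls>
```

`<credential-reference>` also accepts a `clear-text` attribute, but using it here would leave the password readable in the configuration file just as the original attributes did.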