Elytron credential store as Key store

Amit Pareek

Jan 9, 2023, 10:25:55 AM
to WildFly

Hi team,

We are currently moving from WebLogic to WildFly.

In the case of WebLogic, the Master Key is stored in encrypted format in a property file, and the encryption and decryption APIs are provided by WebLogic. Key management is also done by WebLogic.

  1. There should be an option to store the MASTER KEY in the encrypted format using scripts or a tool. This should be shared with the key custodian of the respective environment.
  2. There should be a Java API to retrieve the MASTER KEY in the application for doing the decryption.

What is the alternative for this in WildFly?

Thanks.


Thanks,

Amit Pareek.

Diana Krepinska

Jan 12, 2023, 4:35:32 PM
to WildFly
Hello. You can check out the credential store APIs https://docs.wildfly.org/26/WildFly_Elytron_Security.html#credentialstore-apis if it suits your use case. It documents how to obtain an instance of KeyStoreCredentialStore that can be used to store and retrieve credentials also in an application.

Amit Pareek

Jan 15, 2023, 7:22:58 AM
to WildFly
Hi Diana,

Thanks for this, we tried this code but it's not working.
We are trying it on WildFly 26.

  1. Using the given code repo link, we are able to create and initialize the CS.
  2. But when we use the below 2 jboss-cli commands to create the CS file and then read it using the given code, it breaks.

./jboss-cli.bat -c --command="/subsystem=elytron/credential-store=my_new_store:add(location="csstore.cs", relative-to=jboss.server.data.dir, credential-reference={clear-text=mypassword},create=true)"
./jboss-cli.bat -c --command="/subsystem=elytron/credential-store=my_new_store:add-alias(alias=database-pw, secret-value="amitsecret")"

  3. It throws the following exception. Are we missing anything?

Exception in thread "main" org.wildfly.security.credential.store.CredentialStoreException: ELY09514: Unable to initialize credential store
   at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:906)
   at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.initialize(KeyStoreCredentialStore.java:224)
   at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:160)
   at org.wildfly.security.credential.store.CredentialStore.initialize(CredentialStore.java:172)
   at org.wildfly.security.examples.CredentialStoreExample.main(CredentialStoreExample.java:105)
Caused by: java.io.IOException: Invalid keystore format
   at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658)
   at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
   at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
   at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
   at java.security.KeyStore.load(KeyStore.java:1445)
   at org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(KeyStoreCredentialStore.java:894)
   ... 4 more

I want to go step by step:
  1) First, by creating a credential store and saving a password in an alias to the newly created credential store.
  2) Using the Java API, reading the alias value from the credential store.

Thanks,
Amit.

Diana Krepinska

Jan 18, 2023, 9:25:21 AM
to WildFly
Hello,

Not sure why, but it seems you have incompatible keystore formats/types. Note that if you are creating a credential store in the CLI with attribute create=true, you do not need to create it beforehand in the code. Those 2 commands create a credential store and add an alias. Then in your code, you should be able to use the Elytron API to access it.

Amit Pareek

Jan 19, 2023, 1:40:46 AM
to WildFly
Hello Diana,

We tried both ways - creating the credential store first using the CLI and accessing it via code, or following this code to create and retrieve - but we are getting the same error.
Is this code tested for WildFly 26?

Or if someone can test and share, it will be a great help.

Diana Krepinska

Jan 25, 2023, 7:45:43 AM
to WildFly
Hi, yes, the code is tested for WF26. I will test and share my result / example here.

Amit Pareek

Jan 30, 2023, 12:11:27 PM
to WildFly
Hi Diana,

Did you get a chance to test on 26?

Diana Krepinska

Feb 13, 2023, 10:06:31 AM
to WildFly
Hello Amit,

Sorry for the delay. I submitted a PR with the example: https://github.com/wildfly-security-incubator/elytron-examples/pull/163. You can check it out and let me know if it addresses your problem. The example goes through creating a credential store using the WildFly CLI, and then accessing the credential store in Java code. Thanks!
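
Added example, not part of the thread or of the linked PR: a minimal Java reader for a credential store file created with the two CLI commands quoted earlier, using the Elytron credential store API from the linked documentation. The stack trace in the thread shows the JKS loader rejecting the file, so this sketch first reads the file's leading bytes to choose a matching keyStoreType; the class name, the helper name and the command-line arguments are assumptions.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.WildFlyElytronCredentialStoreProvider;
import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.ClearPassword;

public class ReadCliCredentialStore { // hypothetical class name
    // Identify the keystore format from the file's first four bytes.
    static String detectKeyStoreType(Path file) throws IOException {
        try (DataInputStream in = new DataInputStream(Files.newInputStream(file))) {
            int magic = in.readInt();
            if (magic == 0xCECECECE) return "JCEKS";
            if (magic == 0xFEEDFEED) return "JKS";
            if ((magic >>> 24) == 0x30) return "PKCS12"; // DER SEQUENCE tag
            throw new IOException("Unrecognised keystore header 0x" + Integer.toHexString(magic));
        }
    }

    public static void main(String[] args) throws Exception {
        Path location = Paths.get(args[0]); // path to the csstore.cs file
        String alias = args[1];             // e.g. database-pw
        if (System.console() == null) throw new IllegalStateException("run from a terminal");
        // Prompt for the store password instead of hard-coding it in source.
        char[] storePassword = System.console().readPassword("Credential store password: ");
        Security.addProvider(WildFlyElytronPasswordProvider.getInstance());
        CredentialStore store = CredentialStore.getInstance(
            KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE, WildFlyElytronCredentialStoreProvider.getInstance());
        Map<String, String> attrs = new HashMap<>();
        attrs.put("location", location.toString());
        attrs.put("keyStoreType", detectKeyStoreType(location)); // must match what is on disk
        attrs.put("modifiable", "false");                        // open read-only
        store.initialize(attrs, new CredentialStore.CredentialSourceProtectionParameter(
            IdentityCredentials.NONE.withCredential(new PasswordCredential(
                ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, storePassword)))));
        PasswordCredential cred = store.retrieve(alias, PasswordCredential.class);
        if (cred == null) throw new IllegalArgumentException("No password credential under alias " + alias);
        char[] secret = cred.getPassword(ClearPassword.class).getPassword();
        // Report only the length so the secret never reaches the console or logs.
        System.out.println("Retrieved " + secret.length + " characters for alias " + alias);
    }
}
```

The WildFly Elytron libraries must be on the classpath, and the process needs read access to the store file.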