Migrating from vault to elytron credentials store


Sathurshan S
Jun 22, 2022, 8:11:35 AM
to WildFly
Hi,

Currently I'm migrating the application from vault to Elytron.

This is the custom security vault implementation:

import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jboss.security.vault.SecurityVault;
import org.jboss.security.vault.SecurityVaultException;

import java.util.*;

// PicketBox SecurityVault backed by MicroProfile Config: attribute names are resolved
// as config properties instead of being read from an encrypted vault file.
public class CustomVault implements SecurityVault
{
    private static final String VOLT_BLOCK = "customvault";

    private boolean isInitFinished;
    private Config config;

    @Override
    public void init(Map<String, Object> map)
    {
        config = ConfigProvider.getConfig();
        isInitFinished = true;
    }

    @Override
    public boolean isInitialized()
    {
        return isInitFinished;
    }

    // No handshake is needed: there is no vault file or shared key to unlock.
    @Override
    public byte[] handshake(Map<String, Object> map) throws SecurityVaultException
    {
        return new byte[0];
    }

    // Config properties cannot be enumerated, so no keys are reported.
    @Override
    public Set<String> keyList() throws SecurityVaultException
    {
        return new HashSet<>();
    }

    // Every attribute is reported as present; retrieve() decides which value it gets.
    @Override
    public boolean exists(String voltBlock, String attributeName) throws SecurityVaultException
    {
        return true;
    }

    @Override
    public void store(String s, String s1, char[] chars, byte[] bytes) throws SecurityVaultException
    {
        throw new SecurityVaultException("Storing secrets not implemented.");
    }

    // Looks the attribute up in MicroProfile Config. If it is absent, the shared-key bytes
    // (the last field of ${VAULT::block::attribute::sharedKey}) are returned as the default.
    @Override
    public char[] retrieve(String voltBlock, String attributeName, byte[] bytes) throws SecurityVaultException
    {
        return config.getOptionalValue(attributeName, String.class).orElse(new String(bytes)).toCharArray();
    }

    @Override
    public boolean remove(String s, String s1, byte[] bytes) throws SecurityVaultException
    {
        throw new SecurityVaultException("Removing secrets not implemented.");
    }
}

standalone.xml:
<vault code="se.cambio.platform.jboss.vault.CustomVault" module="se.cambio.platform.jboss.vault"/>

This is the old implementation that I did a year ago. Basically we're using the MicroProfile API to get the secrets.
${VAULT:: customvault::ssl.keystore.password::abc123}
This is how I refer to the SSL keystore password in standalone.xml.

We're planning to migrate this same logic to a credential store:

import java.security.Provider;
import java.util.Collections;
import org.wildfly.security.credential.store.CredentialStore;

public class CustomCredentialStore extends CredentialStoreSpi {
    // store type name the provider registers (assumed value); the abstract CredentialStoreSpi methods still have to be implemented here
    public static final String CUSTOM_CREDENTIAL_STORE = "CustomCredentialStore";
}

public class CustomProvider extends Provider {
    public CustomProvider() { // constructor name must match the class (was CustomTestProvider)
        super("CustomProvider", 0.1, "Custom Provider");
        putService(new Service(this, CredentialStore.CREDENTIAL_STORE_TYPE, CustomCredentialStore.CUSTOM_CREDENTIAL_STORE,
                CustomCredentialStore.class.getName(), Collections.emptyList(), Collections.emptyMap()));
    }
}

and I configured this provider in the standalone.xml file:
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
    <providers>
        <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
        <provider-loader name="openssl" module="org.wildfly.openssl"/>
        <provider-loader name="CustomTestProvider" module="se.cambio.platform.jboss.vault"/>
    </providers>
</subsystem>

and referred to the store to get the credentials:
<key-stores>
    <key-store name="KeyStore">
        <credential-reference store="CustomCredentialStore" alias="env.ssl.keystore.password"/>
        <implementation type="JKS"/>
        <file path="ssl.keystore"/>
    </key-store>
</key-stores>

This implementation is not working. How do I configure the custom credential store Java implementation in WildFly (because we have to use the MicroProfile API)? How do I refer to it in standalone.xml?
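Added example, not the poster's code: one way the CustomCredentialStore stub above could be filled in, as a read-only CredentialStoreSpi that resolves each alias (for example env.ssl.keystore.password from the credential-reference) through MicroProfile Config, failing closed instead of accepting a default literal the way ${VAULT::...::abc123} does. The class and TYPE names are assumptions, and the overridden method signatures are those of CredentialStoreSpi in WildFly Elytron 1.x as I know them, so check them against the elytron version in the server.

```java
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Map;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.ConfigProvider;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.*;
import org.wildfly.security.password.interfaces.ClearPassword;

// Read-only credential store: each alias is looked up as a MicroProfile Config property.
// Overridden signatures follow CredentialStoreSpi in WildFly Elytron 1.x (assumed; check
// them against the elytron jar on your classpath).
public class MicroProfileConfigCredentialStore extends CredentialStoreSpi {
    // Type string the Provider registers the store under (assumed name); the elytron
    // subsystem's <credential-store type="..."> must use the same value.
    public static final String TYPE = "MicroProfileConfigCredentialStore";
    private Config config;

    @Override
    public void initialize(Map<String, String> attributes, CredentialStore.ProtectionParameter pp,
                           Provider[] providers) throws CredentialStoreException {
        config = ConfigProvider.getConfig();
        initialized = true; // flag inherited from CredentialStoreSpi
    }
    @Override
    public boolean isModifiable() { return false; }
    @Override
    public <C extends Credential> C retrieve(String alias, Class<C> type, String algorithm,
            AlgorithmParameterSpec spec, CredentialStore.ProtectionParameter pp) throws CredentialStoreException {
        if (!type.isAssignableFrom(PasswordCredential.class)) {
            return null; // only clear-text passwords (keystore / key-entry passwords) are served
        }
        // Fail closed: unlike ${VAULT::block::attribute::default} there is no fallback literal.
        String value = config.getOptionalValue(alias, String.class)
                .orElseThrow(() -> new CredentialStoreException("no config property for alias " + alias));
        return type.cast(new PasswordCredential(
                ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, value.toCharArray())));
    }
    @Override
    public void store(String alias, Credential c, CredentialStore.ProtectionParameter pp)
            throws CredentialStoreException { throw new CredentialStoreException("read-only store"); }
    @Override
    public void remove(String alias, Class<? extends Credential> type, String algorithm,
            AlgorithmParameterSpec spec) throws CredentialStoreException {
        throw new CredentialStoreException("read-only store");
    }
    @Override
    public void flush() { } // nothing buffered
}
```

The store="..." attribute of a credential-reference names a credential-store resource in the elytron subsystem, which the snippet in the post does not define; that resource's type attribute is where the TYPE value above goes, with its providers attribute pointing at the aggregate that includes the custom provider-loader.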
