Hi,
Currently I'm migrating the application from vault to elytron.
This is the custom security vault implementation:

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jboss.security.vault.SecurityVault;
import org.jboss.security.vault.SecurityVaultException;

public class CustomVault implements SecurityVault {
    // Vault block name used in ${VAULT::customvault::...} expressions.
    private static final String VOLT_BLOCK = "customvault";
    private boolean isInitFinished;
    private Config config;

    @Override
    public void init(Map<String, Object> map) {
        config = ConfigProvider.getConfig(); // MicroProfile Config is the actual secret source
        isInitFinished = true;
    }

    @Override
    public boolean isInitialized() {
        return isInitFinished;
    }

    @Override
    public byte[] handshake(Map<String, Object> map) throws SecurityVaultException {
        return new byte[0]; // no handshake needed
    }

    @Override
    public Set<String> keyList() throws SecurityVaultException {
        return new HashSet<>(); // keys are not enumerated
    }

    @Override
    public boolean exists(String voltBlock, String attributeName) throws SecurityVaultException {
        return true; // every attribute is reported as present; retrieve() supplies a default if it is not
    }

    @Override
    public void store(String s, String s1, char[] chars, byte[] bytes) throws SecurityVaultException {
        throw new SecurityVaultException("Storing secrets not implemented.");
    }

    @Override
    public char[] retrieve(String voltBlock, String attributeName, byte[] bytes) throws SecurityVaultException {
        // Look the attribute up in MicroProfile Config; fall back to the bytes passed with the
        // expression (the last ${VAULT::...} token) when the key is not configured.
        return config.getOptionalValue(attributeName, String.class).orElse(new String(bytes)).toCharArray();
    }

    @Override
    public void remove(String s, String s1, byte[] bytes) throws SecurityVaultException {
        throw new SecurityVaultException("Removing secrets not implemented.");
    }
}
```
standalone.xml:

```xml
<vault code="se.cambio.platform.jboss.vault.CustomVault" module="se.cambio.platform.jboss.vault"/>
```
This is the old implementation that I did a year ago. Basically we're using the MicroProfile API to get the secrets.
```
${VAULT::customvault::ssl.keystore.password::abc123}
```

This is how I refer to the SSL keystore password in standalone.xml.
We're planning to migrate this same logic to a credential store:
```java
import java.security.Provider;
import java.util.Collections;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreSpi;

// CustomCredentialStore.java
public class CustomCredentialStore extends CredentialStoreSpi {
    // Type name under which the provider registers this store.
    public static final String CUSTOM_CREDENTIAL_STORE = "CustomCredentialStore";
    // The abstract SPI methods (initialize, retrieve, ...) still have to be implemented here.
}

// CustomProvider.java
public class CustomProvider extends Provider {
    public CustomProvider() { // constructor name must match the class name (was CustomTestProvider)
        super("CustomProvider", 0.1, "Custom Provider");
        // Register CustomCredentialStore as a CredentialStore service under its type name.
        putService(new Provider.Service(this, CredentialStore.CREDENTIAL_STORE_TYPE,
                CustomCredentialStore.CUSTOM_CREDENTIAL_STORE, CustomCredentialStore.class.getName(),
                Collections.emptyList(), Collections.emptyMap()));
    }
}
```
And I configured this provider in the standalone.xml file:
```xml
<subsystem xmlns="urn:wildfly:elytron:8.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
    <providers>
        <provider-loader name="elytron" module="org.wildfly.security.elytron"/>
        <provider-loader name="openssl" module="org.wildfly.openssl"/>
        <provider-loader name="CustomTestProvider" module="se.cambio.platform.jboss.vault"/>
    </providers>
</subsystem>
```
and referred to the store to get the credentials:
```xml
<key-stores>
    <key-store name="KeyStore">
        <credential-reference store="CustomCredentialStore" alias="env.ssl.keystore.password"/>
        <implementation type="JKS"/>
        <file path="ssl.keystore"/>
    </key-store>
</key-stores>
```
This implementation is not working. How do I configure the custom credential store Java implementation in WildFly (because we have to use the MicroProfile API)? How do I refer to it in standalone.xml?
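One way to fill in the CustomCredentialStore stub, as an added example that is not the poster's code: it mirrors the old CustomVault.retrieve() lookup on top of Elytron's CredentialStoreSpi. It assumes the WildFly Elytron credential-store API and MicroProfile Config are on the module's classpath, and that the alias given in the credential-reference is used directly as the config key.

```java
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Map;
import org.eclipse.microprofile.config.Config;
import org.eclipse.microprofile.config.ConfigProvider;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.CredentialStoreSpi;
import org.wildfly.security.password.interfaces.ClearPassword;

// Read-only credential store: every alias is resolved through MicroProfile Config, like the old CustomVault.
public class CustomCredentialStore extends CredentialStoreSpi {
    // Type name the Provider registers; it is also the value of type="..." on the <credential-store> resource.
    public static final String CUSTOM_CREDENTIAL_STORE = "CustomCredentialStore";
    private Config config;

    @Override
    public void initialize(Map<String, String> attributes, CredentialStore.ProtectionParameter protectionParameter,
                           Provider[] providers) throws CredentialStoreException {
        config = ConfigProvider.getConfig(); // same lookup CustomVault.init() performed
        initialized = true;                  // flag inherited from CredentialStoreSpi
    }
    @Override
    public boolean isModifiable() { return false; } // secrets live in the config sources, never in this store
    @Override
    public <C extends Credential> C retrieve(String alias, Class<C> credentialType, String credentialAlgorithm,
            AlgorithmParameterSpec parameterSpec, CredentialStore.ProtectionParameter protectionParameter)
            throws CredentialStoreException {
        // A credential-reference resolves to a PasswordCredential; nothing else can be built from a config value.
        if (!credentialType.isAssignableFrom(PasswordCredential.class)) return null;
        // The alias (e.g. env.ssl.keystore.password) is the config key. Unlike the old vault there is no default:
        // a missing key yields null, so the credential-reference lookup fails instead of silently using a fallback.
        String value = config.getOptionalValue(alias, String.class).orElse(null);
        if (value == null) return null;
        ClearPassword password = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, value.toCharArray());
        return credentialType.cast(new PasswordCredential(password));
    }
    @Override
    public void store(String alias, Credential credential, CredentialStore.ProtectionParameter protectionParameter)
            throws CredentialStoreException { throw new CredentialStoreException("Storing secrets not implemented."); }
    @Override
    public void remove(String alias, Class<? extends Credential> credentialType, String credentialAlgorithm,
            AlgorithmParameterSpec parameterSpec) throws CredentialStoreException {
        throw new CredentialStoreException("Removing secrets not implemented.");
    }
    @Override
    public void flush() { } // nothing is buffered
}
```

For the `store="CustomCredentialStore"` reference in the key-store to resolve, the elytron subsystem also needs the store declared, e.g. `<credential-stores><credential-store name="CustomCredentialStore" type="CustomCredentialStore" provider-name="CustomProvider" providers="combined-providers"/></credential-stores>`, which assumes the `combined-providers` aggregate (not shown above) includes the custom provider-loader.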