JBoss VAULT credentials - Almax84/consulting-wiki GitHub Wiki

  • Create the keystore

keytool -genseckey -alias Vault -storetype jceks -keyalg AES -keysize 128 -storepass secretsecret -keypass secretsecret -keystore /home/jboss/vault/vault.keystore

  • Use JBoss's vault.sh tool to initialize the Vault. It produces a block to insert manually into the host-*.xml/standalone.xml file, or prints the CLI commands to run.

jboss-eap-7.4/bin/vault.sh --keystore /home/jboss/vault/vault.keystore --keystore-password secretsecret --alias vault --enc-dir /home/jboss/vault/ --iteration 120 --salt 1234abcd --vault-block vb --attribute password --sec-attr pass-da-proteggere


Please make note of the following:
********************************************
Vault Block:vb
Attribute Name:password
Configuration should be done as follows:
VAULT::vb::password::1
********************************************
WFLYSEC0048: Vault Configuration commands in WildFly for CLI:
********************************************
For standalone mode:
/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/home/jboss/vault/vault.keystore"),("KEYSTORE_PASSWORD" => "MASK-3/VyfsvXmU95R/eApJkr14"),("KEYSTORE_ALIAS" => "vault"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "120"),("ENC_FILE_DIR" => "/home/jboss/vault/")])
********************************************
For domain mode:
/host=the_host/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/home/jboss/vault/vault.keystore"),("KEYSTORE_PASSWORD" => "MASK-3/VyfsvXmU95R/eApJkr14"),("KEYSTORE_ALIAS" => "vault"),("SALT" => "1234abcd"),("ITERATION_COUNT" => "120"),("ENC_FILE_DIR" => "/home/jboss/vault/")])
********************************************

The output above also shows the CLI commands to run.

  • Password to protect

/profile=default/subsystem=datasources/data-source=odf:write-attribute(name=password, value=${VAULT::vb::password::1})
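To confirm the procedure took effect, the resulting standalone.xml or host-*.xml can be checked for complete vault options and for datasource passwords that are still in clear text. The script below is an added example, not part of the original wiki page or of JBoss. It assumes the usual `<vault>`/`<vault-option>` and datasource `<security>/<password>` element layout; the sample document, its namespace and the `legacy` datasource are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Reference shape printed by vault.sh: VAULT::<vault-block>::<attribute>::1
VAULT_REF = re.compile(r"^\$\{VAULT::[^:}]+::[^:}]+::[^:}]+\}$")
REQUIRED = {"KEYSTORE_URL", "KEYSTORE_PASSWORD", "KEYSTORE_ALIAS",
            "SALT", "ITERATION_COUNT", "ENC_FILE_DIR"}

def local(tag):
    """Drop the XML namespace so the check works whatever the schema version."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return findings for a standalone.xml / host-*.xml document."""
    root = ET.fromstring(xml_text)
    options = {e.get("name"): e.get("value", "")
               for e in root.iter() if local(e.tag) == "vault-option"}
    findings = [f"vault-option {n} is missing" for n in sorted(REQUIRED - set(options))]
    if "KEYSTORE_PASSWORD" in options and not options["KEYSTORE_PASSWORD"].startswith("MASK-"):
        findings.append("KEYSTORE_PASSWORD is not masked")
    for ds in root.iter():
        if local(ds.tag) not in ("datasource", "xa-datasource"):
            continue
        for el in ds.iter():
            # Any <password> under a datasource must be a ${VAULT::...} expression.
            if local(el.tag) == "password" and not VAULT_REF.match((el.text or "").strip()):
                findings.append(f"datasource {ds.get('pool-name')}: password is not a vault reference")
    return findings

# Constructed sample (namespace and the 'legacy' datasource are made up for the example).
SAMPLE = """<server xmlns="urn:example:constructed">
  <vault>
    <vault-option name="KEYSTORE_URL" value="/home/jboss/vault/vault.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-3/VyfsvXmU95R/eApJkr14"/>
    <vault-option name="KEYSTORE_ALIAS" value="vault"/>
    <vault-option name="SALT" value="1234abcd"/>
    <vault-option name="ITERATION_COUNT" value="120"/>
    <vault-option name="ENC_FILE_DIR" value="/home/jboss/vault/"/>
  </vault>
  <datasources>
    <datasource pool-name="odf"><security>
      <password>${VAULT::vb::password::1}</password></security></datasource>
    <datasource pool-name="legacy"><security>
      <password>changeit</password></security></datasource>
  </datasources>
</server>"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means every datasource password in the file resolves through the vault and all six vault options from the vault.sh output are present.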