Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-15830

Avoid master's password stored as clear text

    XMLWordPrintable

Details

    • Enhancement
    • Resolution: Not a Bug
    • Major
    • fuse-7.9-GA
    • fuse-7.8-GA
    • Karaf
    • None
    • False
    • False
    • 2021-M3
    • % %
    • ?
    • Undefined

    Description

      When using the jasypt-encryption bundle to encrypt sensible configuration values for Blueprint files (i.e. LDAP module user's password), you have to store the master's password in clear text form inside an environment variable or Karaf system property. It would be good to have a way to hide the master's password using the same mechanism used for credential store, where it is masked inside a Karaf system property (security by obscurity).

      Attachments

        Issue Links

          relates to

          Enhancement - An enhancement to or refactoring of existing functionality that is not configurable by an end user (typically a change made by an internal team that affects users) ENTESB-15831 Provide stronger masking (PBE) algorithms for credential store

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Done

          Activity

            People

              ggrzybek Grzegorz Grzybek
              rhn-support-fvaleri Federico Valeri
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: