There are situations in which the only way to configure certain software components that might be used with Fuse/Fabric8 is by supplying system properties on the JVM command line. A case in point is those components that use JCE for SSL support, and require passwords to be specified as system properties (e.g., ``-Djavax.net.ssl.trustStorePassword=xxx``).
At present the only way to provide those properties is by editing the startup scripts (e.g., ``bin/karaf``) and entering the system properties there. However, this exposes their values in plaintext, which is a security weakness.
We need a way for fabric to read system properties like this from an encrypted file, and supply them to the JVM at startup. Mechanisms exist for the encryption of all kinds of passwords that Fuse might use, but not this one. Ideally Karaf could read an encrypted file and make a bunch of ``System.setProperty()`` calls early in initialization – this would be preferable to decrypting an encrypted file and adding the properties to the JVM command line, because with the latter approach the values would still be exposed.
Making the necessary ``setProperty()`` calls as part of an application is troublesome because, by the time the application bundles get loaded, the code that reads these properties has already been executed, so they are set too late. Various work-arounds involving start-levels and ``startup.properties`` are available, but they aren't very elegant.
- is incorporated by: ENTESB-6493 Integrate fuse-credential-store into Fuse Karaf distribution (Closed)
- is related to: ENTESB-6493 Integrate fuse-credential-store into Fuse Karaf distribution (Closed)
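The approach the description asks for, decrypting a file in-process and calling ``System.setProperty()`` so the values never appear on the JVM command line, could look like the following. This is an added example, not code from the issue or from fuse-credential-store; the class name, the file layout (12-byte IV followed by AES-GCM ciphertext) and the demo key handling are assumptions.

```java
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/** Hypothetical early-startup hook: decrypts a properties file and sets the entries in-process. */
public final class EncryptedSystemProperties {
    private static final int IV_LEN = 12;    // assumed file layout: IV || ciphertext+tag
    private static final int TAG_BITS = 128;

    public static void load(Path encryptedFile, byte[] key) throws Exception {
        byte[] blob = Files.readAllBytes(encryptedFile);
        if (blob.length <= IV_LEN) throw new IllegalArgumentException("encrypted file too short");
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                    new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
        // GCM authenticates the file: a modified file fails here instead of setting bad values.
        byte[] plain = cipher.doFinal(blob, IV_LEN, blob.length - IV_LEN);
        Properties props = new Properties();
        props.load(new StringReader(new String(plain, StandardCharsets.UTF_8)));
        for (String name : props.stringPropertyNames()) {
            System.setProperty(name, props.getProperty(name)); // never passed as a -D argument
        }
        Arrays.fill(plain, (byte) 0); // wipe the decrypted buffer once the properties are set
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: a random key and one sample property, encrypted to a temp file.
        byte[] key = new byte[32], iv = new byte[IV_LEN];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(key); rng.nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                 new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = enc.doFinal("javax.net.ssl.trustStorePassword=example-only\n".getBytes(StandardCharsets.UTF_8));
        Path file = Files.createTempFile("sysprops", ".enc");
        byte[] blob = Arrays.copyOf(iv, IV_LEN + ct.length);
        System.arraycopy(ct, 0, blob, IV_LEN, ct.length);
        Files.write(file, blob);
        load(file, key);
        System.out.println("property set: " + (System.getProperty("javax.net.ssl.trustStorePassword") != null));
        Files.delete(file);
    }
}
```

In a real deployment the key would have to come from somewhere other than the startup script or command line, and ``load`` would have to run before any code reads the ``javax.net.ssl.*`` properties, which is the ordering problem the description raises.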