Details
-
Enhancement
-
Resolution: Done
-
Major
-
None
-
None
Description
When the server was based on WildFly, it was possible to store configuration passwords in a vault so that the config file wouldn't have them as clear text. We should have similar functionality patterned on Elytron's credential store.
<security> <credential-stores> <credential-store name="server" path="server.keystore" relative-to="infinispan.server.config.path" create="true" modifiable="false"> <credential-reference clear-text="password" /> </credential-store> </credential-stores> ... </security>
Credentials should then be referenced using the store name and the alias, e.g.:
<data-source name="postgres" jndi-name="jdbc/postgres" statistics="true"> <connection-factory driver="org.postgresql.Driver" username="dbuser"> <credential-reference store="server" alias="dbpassword"/> </connection-factory> </data-source>
http://docs.wildfly.org/20/WildFly_Elytron_Security.html#keystorecredentialstore