Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-12101

Add credential store support to the server

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Major Major
    • 12.0.0.Final
    • None
    • Security, Server
    • None

      When the server was based on WildFly, it was possible to store configuration passwords in a vault so that the config file wouldn't have them as clear text. We should have similar functionality patterned on Elytron's credential store.

      <security>
         <credential-stores>
            <credential-store name="server" path="server.keystore" relative-to="infinispan.server.config.path" create="true" modifiable="false">
               <credential-reference clear-text="password" />
            </credential-store>
         </credential-stores>
... 
</security>

      Credentials should then be referenced using the store name and the alias, e.g.:

      <data-source name="postgres" jndi-name="jdbc/postgres" statistics="true">
      <connection-factory driver="org.postgresql.Driver"  username="dbuser">
         <credential-reference store="server" alias="dbpassword"/>
      </connection-factory>
   </data-source>

      http://docs.wildfly.org/20/WildFly_Elytron_Security.html#keystorecredentialstore

              ttarrant@redhat.com Tristan Tarrant
              ttarrant@redhat.com Tristan Tarrant
              Archiver:
              rhn-support-adongare Amol Dongare

                Created:
                Updated:
                Resolved:
                Archived: