Loading...

XML

Word

Printable

Details

Type: Enhancement
Resolution: Done
Priority: Major
Fix Version/s: 12.0.0.Dev07, 12.0.0.Final
Affects Version/s: None
Component/s: Security, Server
Labels:
None

Git Pull Request:
https://github.com/infinispan/infinispan/pull/8841

Description

When the server was based on WildFly, it was possible to store configuration passwords in a vault so that the config file wouldn't have them as clear text. We should have similar functionality patterned on Elytron's credential store.

<security>
         <credential-stores>
            <credential-store name="server" path="server.keystore" relative-to="infinispan.server.config.path" create="true" modifiable="false">
               <credential-reference clear-text="password" />
            </credential-store>
         </credential-stores>
... 
</security>

Credentials should then be referenced using the store name and the alias, e.g.:

<data-source name="postgres" jndi-name="jdbc/postgres" statistics="true">
      <connection-factory driver="org.postgresql.Driver"  username="dbuser">
         <credential-reference store="server" alias="dbpassword"/>
      </connection-factory>
   </data-source>

http://docs.wildfly.org/20/WildFly_Elytron_Security.html#keystorecredentialstore

Attachments

Activity

People

Assignee:: Tristan Tarrant

Reporter:: Tristan Tarrant

Votes:: 1 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2020/07/09 3:21 AM

Updated:: 2021/03/08 6:02 AM

Resolved:: 2020/11/25 8:19 AM