Uploaded image for project: 'Infinispan'
  1. Infinispan
  2. ISPN-13715

Support masked and external credential store passwords

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Major Major
    • 14.0.0.Final
    • None
    • Security, Server
    • None

      Instead of providing credential store’s master password in the clear, we should allow providing that password using a pseudo credential store.

      Command
      External command using java.lang.ProcessBuilder. If parameters are needed, they are supplied using a comma-separated list of strings. An external command refers to any executable from the operation system, for example a shell script or an executable binary. The password is read from the standard output of the executed command.

      <command-credential command="/path/to/command.sh arg1 arg2"/>
      

      MASK
      Masked password using PBE, or Password Based Encryption. It must be in the following format, which includes the SALT and ITERATION values:

      MASKED_VALUE;SALT;ITERATION

      <masked-credential masked="NqMznhSbL3lwRpDmyuqLBW==;12345678;123"/> 

              ttarrant@redhat.com Tristan Tarrant
              ttarrant@redhat.com Tristan Tarrant
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: