Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-10694

WildFly Elytron Tool, Vault command summary contains MASKed password without iteration and salt when is used MASKed password for access to VAULT.

XMLWordPrintable

      Vault command summary contains MASKed password without --iteration and --salt when is used MASKed password for access to VAULT.

      MASKed password must contain SALT and ITERATION as is expected:
      credential-reference={clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5;12345678;34"}
      FYI: plain text password is "secretsecret".

      How to reproduce
      Download all attachments to same location as wildfly-elytron-tool.jar and run this command:

      [hsvabek@dhcp-10-40-5-100 003]$ java -jar wildfly-elytron-tool.jar vault --enc-dir . --keystore server.store --keystore-password MASK-2hKo56F1a3jYGnJwhPmiF5 --salt 12345678 --iteration 34 --location converted001.store --alias jboss --summary
      Vault (enc-dir=".";keystore="server.store") converted to credential store "converted001.store"
      Vault Conversion summary:
      --------------------------------------
      Vault Conversion Successful
      CLI command to add new credential store:
      /subsystem=elytron/credential-store=cs:add(relative-to=jboss.server.data.dir,location="converted001.store",implementation-properties={},credential-reference={clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5"})
      

      Credential reference contains MASKed password without salt and iteration (credential-reference=

      {clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5"}

      )

        1. server.store
          0.5 kB
        2. VAULT.dat
          1 kB

            rhn-support-ivassile Ilia Vassilev
            hsvabek_jira Hynek Švábek (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: