Bug
Resolution: Done
Critical
8.0.0.Beta
The initial description states "Please make note of your entry below in order to mask any subsequent passwords."
Password masking is terminology from the older mechanism (vault) that was in previous EAP versions; we should now probably describe it better.
Also, it is not clear which values entered on this page would need to be written down somewhere: the credential store created by this setup uses this operation and thus persists all of the information in clear-text form in the server configs:
/subsystem=elytron/credential-store=<name_of_credential_store>:add(path="<path_to_store_file>", relative-to=<base_path_to_store_file>, credential-reference={clear-text=<store_password>}, create=true)
Additionally, since the password is in clear text, when I read the documentation https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/8-beta/html-single/secure_storage_of_credentials_in_jboss_eap/index#proc_creating-a-credential-store-for-a-standalone-server_default the security for this seems to be accomplished by keeping the credential store file in a directory with limited access. This information should probably be mentioned on this configuration page; otherwise the whole point of the security would be defeated.
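To make the two concerns above concrete (the store password persisted as clear text in the config, and file permissions being the only thing protecting it), here is an added shell audit script. It is not part of this issue or of EAP; the store names "plainCS"/"maskedCS", the password, the file layout and the XML fragment are constructed for the demo. It assumes the config attribute names EAP 8 Elytron writes for the operation quoted above (credential-store name/path/relative-to, credential-reference clear-text) and that the masked alternative, as produced by elytron-tool.sh mask, appears as a value starting with MASK-.

```shell
#!/bin/sh
# Added example (not part of the original issue or of EAP itself): audits a
# standalone.xml for credential stores whose master password is persisted as
# clear text, and checks that the store file is readable only by its owner,
# which is the protection the linked documentation relies on.
# Store names, paths and the password below are constructed for the demo.
set -e

# Constructed fragment mirroring what the :add operation above writes into the
# config. "plainCS" keeps its password in clear text; "maskedCS" uses the
# MASK-... form produced by elytron-tool.sh mask (assumed format, made-up value).
SAMPLE_XML='<credential-stores>
    <credential-store name="plainCS" path="plainCS.jceks" relative-to="jboss.server.config.dir" create="true">
        <credential-reference clear-text="storePassword123"/>
    </credential-store>
    <credential-store name="maskedCS" path="maskedCS.jceks" relative-to="jboss.server.config.dir" create="true">
        <credential-reference clear-text="MASK-1GhfMaq4jSY0.mvj0jHRdCCJ1mXEUy8IH;12345678;100"/>
    </credential-store>
</credential-stores>'

# Print the name of every credential store whose master password is stored in
# the config as plain clear text (masked MASK-... values are not reported).
find_cleartext_store_passwords() {
  awk '
    /<credential-store / {
      match($0, /name="[^"]*"/)
      name = substr($0, RSTART + 6, RLENGTH - 7)
    }
    /<credential-reference / && /clear-text="/ && !/clear-text="MASK-/ { print name }
  ' "$1"
}

# Succeed only if the file mode is 600 or 400, i.e. no group/other access.
# GNU stat (-c) is tried first, BSD/macOS stat (-f) as the fallback.
is_owner_only() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
  case "$mode" in
    600|400) return 0 ;;
    *) return 1 ;;
  esac
}

# Write the sample config plus an (empty) store file with a lax 644 mode into a
# temp dir and print that dir, so the checks can be exercised offline.
write_sample() {
  dir=$(mktemp -d)
  printf '%s\n' "$SAMPLE_XML" > "$dir/standalone.xml"
  : > "$dir/plainCS.jceks"
  chmod 644 "$dir/plainCS.jceks"
  printf '%s\n' "$dir"
}

# Human-readable report for one config dir; the two checks above do the work.
report() {
  cfg_dir=$1
  for name in $(find_cleartext_store_passwords "$cfg_dir/standalone.xml"); do
    echo "WARN: credential store '$name' has a clear-text master password in standalone.xml"
  done
  for store in "$cfg_dir"/*.jceks; do
    [ -e "$store" ] || continue
    if is_owner_only "$store"; then
      echo "ok:   $store is owner-only"
    else
      echo "WARN: $store is readable by group/other; chmod 600 it"
    fi
  done
}

# Stand-alone run against the constructed sample.
report "$(write_sample)"
```

To use it against a real server, call report with the configuration directory (for example $JBOSS_HOME/standalone/configuration); the same check applies to standalone.xml itself, since the clear-text master password lives there, not only in the .jceks file.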