Skip to content

Avoid plain DB-Password

The definition of datasources in JEE-Container requires user and password. Password can be stored in credential-store and a secret can be used in standalone.xml instead of plain password.

Wildfly

  • start Wildfly
  • start bin/jboss-cli.bat

  • connect

  • create a credential-store

    /subsystem=elytron/credential-store=insightCredentialStore:add(path="insightCredentialStore.jceks", relative-to=jboss.server.data.dir, credential-reference={clear-text=password}, create=true)

  • add a secret for password

    /subsystem=elytron/credential-store=insightCredentialStore:add-alias(alias=insightDBAlias, secret-value=<PLAIN-PASSWORD>)

  • use secret instead of plain password in datasource

    <credential-reference store="insightCredentialStore" alias="insightDBAlias"/>