Avoid plain DB-Password¶
The definition of datasources in JEE-Container requires user and password. Password can be stored in credential-store and a secret can be used in standalone.xml instead of plain password.
Wildfly¶
- start Wildfly
- start bin/jboss-cli.bat
-
connect
-
create a credential-store
/subsystem=elytron/credential-store=insightCredentialStore:add(path="insightCredentialStore.jceks", relative-to=jboss.server.data.dir, credential-reference={clear-text=password}, create=true)
-
add a secret for password
/subsystem=elytron/credential-store=insightCredentialStore:add-alias(alias=insightDBAlias, secret-value=<PLAIN-PASSWORD>)
-
use secret instead of plain password in datasource
<credential-reference store="insightCredentialStore" alias="insightDBAlias"/>