Encrypt DB-Password
The definition of datasources in a JEE container requires a user and a password.
Password encryption depends on the JEE container.
It can be done as follows:
WildFly
- Encrypt the password with
    %JAVA_HOME%\bin\java -cp modules\system\layers\base\org\picketbox\main\picketbox-5.0.3.Final.jar org.picketbox.datasource.security.SecureIdentityLoginModule PLAIN-PASSWORD
  insight\wild\ contains encrypt.bat with this command.
- Edit standalone.xml and insert a new security-domain in which the user and the encrypted password are defined:
  Search for the subsystem entry whose xmlns begins with urn:jboss:domain:security and enter the following snippet
    <security-domain name="encrypted-ds-mssql" cache-type="default">
      <authentication>
        <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
          <module-option name="username" value="<USER>"/>
          <module-option name="password" value="<encrypt-password-with-encrypter-script>"/>
        </login-module>
      </authentication>
    </security-domain>
- Use the security-domain in the datasource definition instead of user and password
    <security>
      <security-domain>encrypted-ds-mssql</security-domain>
    </security>
- Please use different security-domains for different datasources: https://bugzilla.redhat.com/show_bug.cgi?id=1103684
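A check for the result of the WildFly steps above, as an added example that is not part of the original documentation: it parses a standalone.xml and reports datasources that still carry a password element as well as security-domains referenced by more than one datasource. The sample document, its pool names and the namespace placeholder are constructed; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, not a real configuration (namespace version is a placeholder).
SAMPLE = """<server><profile>
 <subsystem xmlns="urn:jboss:domain:datasources:PLACEHOLDER"><datasources>
  <datasource pool-name="OrdersDS">
   <security><security-domain>encrypted-ds-mssql</security-domain></security>
  </datasource>
  <datasource pool-name="ReportsDS">
   <security><security-domain>encrypted-ds-mssql</security-domain></security>
  </datasource>
  <datasource pool-name="LegacyDS">
   <security><user-name>app</user-name><password>example-only</password></security>
  </datasource>
 </datasources></subsystem>
</profile></server>"""

def local(el):
    """Tag name without its XML namespace, so any subsystem version matches."""
    return el.tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return sorted (finding, subject) pairs for a standalone.xml document."""
    root = ET.fromstring(xml_text)
    findings, users = [], defaultdict(set)
    for ds in root.iter():
        if local(ds) not in ("datasource", "xa-datasource"):
            continue
        name = ds.get("pool-name", "?")
        for el in ds.iter():
            if local(el) == "password":
                # Credentials are still written directly into the datasource.
                findings.append(("plaintext-password", name))
            elif local(el) == "security-domain":
                users[(el.text or "").strip()].add(name)
    for domain, names in users.items():
        if len(names) > 1:
            # The page advises one security-domain per datasource.
            findings.append(("shared-domain", domain))
    return sorted(findings)

if __name__ == "__main__":
    for kind, subject in audit(SAMPLE):
        print(kind, subject)
```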
TomEE
- Encrypt the password with
    .\bin\tomee.bat cipher PLAINPASSWORD
- Edit tomee.xml and add the encrypted password and the property PasswordCipher to the Datasource-Resource
    <Resource ... type="javax.sql.DataSource">
      ...
      Password = llZzVkn5OSpDfx4y/On83A==
      PasswordCipher = Static3DES
      ...
    </Resource>
For password encryption in tomee.xml, please see
https://yottabrain.org/tomcat/tomee-datasource-password-encryption/
http://tomee.apache.org/datasource-password-encryption.html