Encrypt DB-Password

Defining a datasource in a JEE container requires a user and a password.
How the password is encrypted depends on the JEE container.
It can be done as follows:

Wildfly

  • Encrypt password with

    %JAVA_HOME%\bin\java -cp modules\system\layers\base\org\picketbox\main\picketbox-5.0.3.Final.jar org.picketbox.datasource.security.SecureIdentityLoginModule PLAIN-PASSWORD
    

    insight\wild\ contains encrypt.bat with this command.

  • Edit standalone.xml and insert a new security-domain, where user and encrypted password are defined:

    Search for the entry subsystem xmlns="urn:jboss:domain:security and insert the following snippet:

    <security-domain name="encrypted-ds-mssql" cache-type="default">
        <authentication>
            <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username" value="<USER>"/>
                <module-option name="password" value="<encrypt-password-with-encrypter-script>"/>
            </login-module>
        </authentication>
    </security-domain>
    
  • Use security-domain in datasource definition instead of user and password

    <security>
        <security-domain>encrypted-ds-mssql</security-domain>                    
    </security>
    
  • Please use different security-domains for different datasources: https://bugzilla.redhat.com/show_bug.cgi?id=1103684
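
A configuration check for the Wildfly steps above, as an added example that is not part of the original page: it scans a standalone.xml for datasources that still carry an inline password, reference a security-domain without SecureIdentityLoginModule, or share a security-domain with another datasource. The sample document, its namespace versions, pool names and values are constructed, and `audit` and `local` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

MODULE = "org.picketbox.datasource.security.SecureIdentityLoginModule"
# Constructed sample shaped like standalone.xml; versions, names and values are made up.
SAMPLE = f"""<server xmlns="urn:jboss:domain:x">
 <subsystem xmlns="urn:jboss:domain:datasources:x"><datasources>
  <datasource pool-name="AppDS"><security>
   <security-domain>encrypted-ds-mssql</security-domain></security></datasource>
  <datasource pool-name="ReportDS"><security>
   <security-domain>encrypted-ds-mssql</security-domain></security></datasource>
  <datasource pool-name="LegacyDS"><security>
   <user-name>app</user-name><password>constructed</password></security></datasource>
 </datasources></subsystem>
 <subsystem xmlns="urn:jboss:domain:security:x"><security-domains>
  <security-domain name="encrypted-ds-mssql"><authentication>
   <login-module code="{MODULE}" flag="required">
    <module-option name="password" value="constructed-encoded-value"/>
   </login-module></authentication></security-domain>
 </security-domains></subsystem></server>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop '{namespace}' so any schema version matches

def audit(xml_text):
    """Return sorted (datasource, finding) pairs for a standalone.xml document."""
    findings, defined = [], {}   # defined: security-domain name -> login-module codes
    used_by = defaultdict(list)  # security-domain name -> datasources referencing it
    for el in ET.fromstring(xml_text).iter():
        # A definition carries a name attribute; a reference inside <security> does not.
        if local(el.tag) == "security-domain" and el.get("name"):
            defined[el.get("name")] = {m.get("code") for m in el.iter()
                                       if local(m.tag) == "login-module"}
        elif local(el.tag) in ("datasource", "xa-datasource"):
            ds = el.get("pool-name")
            sec = {local(c.tag): (c.text or "").strip()
                   for s in el if local(s.tag) == "security" for c in s}
            if sec.get("password"):
                findings.append((ds, "plaintext password"))
            if sec.get("security-domain"):
                used_by[sec["security-domain"]].append(ds)
    for domain, sources in used_by.items():
        if MODULE not in defined.get(domain, set()):
            findings += [(ds, "domain lacks SecureIdentityLoginModule") for ds in sources]
        if len(sources) > 1:  # the page advises one security-domain per datasource
            findings += [(ds, "shared security-domain") for ds in sources]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```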

TomEE

  • Encrypt password with

    .\bin\tomee.bat cipher PLAINPASSWORD
    
  • Edit tomee.xml and add encrypted password and property PasswordCipher to Datasource-Resource

    <Resource ...   type="javax.sql.DataSource">
        ...
            Password = llZzVkn5OSpDfx4y/On83A==
            PasswordCipher = Static3DES
        ... 
    </Resource>
    

Please see

https://yottabrain.org/tomcat/tomee-datasource-password-encryption/

http://tomee.apache.org/datasource-password-encryption.html

for password encryption in tomee.xml