Encrypt DB-Password

Defining a datasource in a JEE container requires a user and a password. How the password is encrypted depends on the JEE container. It can be done as follows:

Wildfly

  • Encrypt the password with:

    %JAVA_HOME%\bin\java -cp modules\system\layers\base\org\picketbox\main\picketbox-5.0.3.Final.jar org.picketbox.datasource.security.SecureIdentityLoginModule PLAIN-PASSWORD
    

    insight\wild\ contains encrypt.bat with this command.

  • Edit standalone.xml and insert a new security-domain in which the user and the encrypted password are defined:

    Search for the subsystem entry whose xmlns starts with "urn:jboss:domain:security" and insert the following snippet:

    <security-domain name="encrypted-ds-mssql" cache-type="default">
        <authentication>
            <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username" value="<USER>"/>
                <module-option name="password" value="<encrypt-password-with-encrypter-script>"/>
            </login-module>
        </authentication>
    </security-domain>
    
  • Use the security-domain in the datasource definition instead of user and password:

    <security>
        <security-domain>encrypted-ds-mssql</security-domain>
    </security>
    
  • Please use a different security-domain for each datasource: https://bugzilla.redhat.com/show_bug.cgi?id=1103684
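
As an added example (not part of the original page or of Wildfly), this Python script audits a standalone.xml for the points above: datasources that still carry a plain password, datasources that share one security-domain, and references to a security-domain that is not defined. The sample document, its datasource names and its namespace versions are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample for illustration (names, values and namespace versions are made up).
SAMPLE = """<server xmlns="urn:jboss:domain:4.2"><profile>
 <subsystem xmlns="urn:jboss:domain:datasources:4.0"><datasources>
  <datasource pool-name="AppDS"><security>
   <security-domain>encrypted-ds-mssql</security-domain></security></datasource>
  <datasource pool-name="ReportDS"><security>
   <security-domain>encrypted-ds-mssql</security-domain></security></datasource>
  <datasource pool-name="LegacyDS"><security>
   <user-name>sa</user-name><password>example-only</password></security></datasource>
 </datasources></subsystem>
 <subsystem xmlns="urn:jboss:domain:security:2.0"><security-domains>
  <security-domain name="encrypted-ds-mssql" cache-type="default"/>
 </security-domains></subsystem>
</profile></server>"""

def local(tag):
    """Drop the '{namespace}' prefix so the check works for any schema version."""
    return tag.rsplit("}", 1)[-1]

def audit_datasources(xml_text):
    """Return sorted (datasource, finding) pairs for a standalone.xml document."""
    root = ET.fromstring(xml_text)
    defined = {e.get("name") for e in root.iter()
               if local(e.tag) == "security-domain" and e.get("name")}
    used_by = defaultdict(list)
    findings = []
    for ds in root.iter():
        if local(ds.tag) not in ("datasource", "xa-datasource"):
            continue
        name = ds.get("pool-name") or ds.get("jndi-name")
        sec = {local(c.tag): (c.text or "").strip()
               for s in ds if local(s.tag) == "security" for c in s}
        if "password" in sec:
            findings.append((name, "plaintext password in datasource"))
        domain = sec.get("security-domain")
        if domain:
            used_by[domain].append(name)
            if domain not in defined:
                findings.append((name, "security-domain not defined: " + domain))
    for domain, names in used_by.items():
        if len(names) > 1:  # the page asks for one security-domain per datasource
            findings += [(n, "shared security-domain: " + domain) for n in names]
    return sorted(findings)

if __name__ == "__main__":
    for ds_name, finding in audit_datasources(SAMPLE):
        print(ds_name, "-", finding)
```

To check a real installation, read standalone.xml into a string and pass it to audit_datasources.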