karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Freeman Fang <freeman.f...@gmail.com>
Subject Re: Encrypted keystore password
Date Mon, 22 May 2017 04:47:18 GMT
Hi,

Yes, provided you are using Karaf 4.1.x, which in turn uses the pax.web 6.0.x.

Basically we use jasypt to encrypt the sensitive string, hence introduce several more properties
for pax web pid, such as enc.masterpassword, enc.algorithm, enc.enabled, enc.prefix, enc.suffix.
Moreover, you can configure the masterpassword for the jasypt encryptor with env variable
or system property, other configuration for decryptor all have default values.

Please take a look at PAXWEB-1021[1] to get more details.

[1]https://ops4j1.jira.com/browse/PAXWEB-1021 <https://ops4j1.jira.com/browse/PAXWEB-1021>

Cheers
-------------
Freeman(Yue) Fang

Red Hat, Inc. 
FuseSource is now part of Red Hat



> On May 19, 2017, at 9:02 PM, ashonline <ashpublic@mac.com> wrote:
> 
> Hi,
> 
> I'm in the process of configuring karaf to use SSL communication and have
> therefore provided the password to the keystore in the org.ops4j.pax.web.cfg
> file:
> 
> org.ops4j.pax.web.ssl.keypassword=mypwd
> 
> I can't however find anything in the documentation that tells me how to
> encrypt the password, for example by surrounding the password digest with
> {CRYPT} markers.
> 
> Please advise whether or not this encryption capability exists or, if not,
> what we can do as a workaround? It won't be acceptable for our clients to
> have to type in their password in plain text for their keystore that they
> will provide to our karaf based framework.
> 
> 
> 
> --
> View this message in context: http://karaf.922171.n3.nabble.com/Encrypted-keystore-password-tp4050396.html
> Sent from the Karaf - User mailing list archive at Nabble.com.


Mime
View raw message