karaf-user mailing list archives

From "Leschke, Scott" <SLesc...@medline.com>
Subject Encrypted values in .cfg files
Date Fri, 02 Nov 2018 15:20:07 GMT
I would like to get rid of the plaintext passwords in a number of my .cfg files.  I'm looking
at the docs to figure out how to do it and see the following blueprint.
I've installed the jasypt feature already but I have a few questions regarding this file.

1.       Is there a Jasypt Component that can be configured using a property file or is blueprint

2.       Is there a mechanism in CA to specify that a string replacement be done using an
environment variable or JVM property (will ${ENV_VAR} work)?

3.       I'm a bit confused by the part I highlighted. What's the purpose of that? It's not
necessary to specify the .cfg files that will have encrypted properties explicitly, is it?

I don't need the .cfg file to be called out there to use ENC(encrypted_value), do I?

4.       Does the Jasypt feature provide a mechanism by which a string can be entered and
the encrypted form returned? I didn't see a command. If not, is there a web page that provides
that or some other mechanism other than writing some Java code to tell you what the encrypted
form of a string is using the specified password?

Thanks, Scott

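<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
           xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0">

  <!-- Configuration via ConfigAdmin property-placeholder -->
  <!-- the etc/*.cfg can contain encrypted values with ENC() function -->
  <cm:property-placeholder persistent-id="db" update-strategy="reload">
    <cm:default-properties>
      <cm:property name="encoded" value="ENC(${foo})"/>
    </cm:default-properties>
  </cm:property-placeholder>

  <!-- Configuration via properties file -->
  <!-- Instead of ConfigAdmin, we can load "regular" properties file from a location -->
  <!-- Again, the db.properties file can contain encrypted values with ENC() function -->

  <!-- Jasypt placeholder: decrypts ENC(...) values with the encryptor below -->
  <enc:property-placeholder>
    <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
      <property name="config">
        <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
          <property name="algorithm" value="PBEWithMD5AndDES"/>
          <!-- the encryption password is read from this environment variable -->
          <property name="passwordEnvName" value="ENCRYPTION_PASSWORD"/>
        </bean>
      </property>
    </enc:encryptor>
  </enc:property-placeholder>

  <!-- ... -->

</blueprint>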
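
Regarding question 4, an added example that is not part of the original message or of the Karaf documentation: a small Java program that uses the Jasypt API to produce an ENC(...) value with the algorithm and ENCRYPTION_PASSWORD variable named in the blueprint. The class name EncryptCfgValue is hypothetical, and the jasypt jar is assumed to be on the classpath.

```java
import java.io.BufferedReader;
import java.io.Console;
import java.io.IOException;
import java.io.InputStreamReader;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

// Added example; EncryptCfgValue is a hypothetical class name.
public class EncryptCfgValue {
    // Both values are taken from the blueprint in the message above.
    static final String ALGORITHM = "PBEWithMD5AndDES";
    static final String PASSWORD_ENV = "ENCRYPTION_PASSWORD";

    static StandardPBEStringEncryptor newEncryptor(String password) {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setAlgorithm(ALGORITHM);
        encryptor.setPassword(password);
        return encryptor;
    }

    // Prompt without echo when a terminal is attached, so the plaintext does not
    // end up in shell history; otherwise read one line from stdin.
    static String readSecret() throws IOException {
        Console console = System.console();
        if (console != null) {
            char[] typed = console.readPassword("Value to encrypt: ");
            return typed == null ? null : new String(typed);
        }
        return new BufferedReader(new InputStreamReader(System.in)).readLine();
    }

    public static void main(String[] args) throws IOException {
        String password = System.getenv(PASSWORD_ENV);
        String plain = (password == null || password.isEmpty()) ? null : readSecret();
        if (plain == null || plain.isEmpty()) {
            System.err.println("set " + PASSWORD_ENV + " and supply a non-empty value");
            System.exit(2);
        }
        String cipher = newEncryptor(password).encrypt(plain);
        // Round-trip with a fresh encryptor to confirm the value decrypts under
        // the same algorithm and password before it goes into a .cfg file.
        if (!plain.equals(newEncryptor(password).decrypt(cipher))) {
            throw new IllegalStateException("round-trip decryption failed");
        }
        // Jasypt uses a random salt, so the output differs on every run.
        System.out.println("ENC(" + cipher + ")");
    }
}
```

The printed string is what goes into the .cfg file as the property value.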

