karaf-user mailing list archives

From "Leschke, Scott" <SLesc...@medline.com>
Subject Encrypted values in .cfg files
Date Fri, 02 Nov 2018 15:20:07 GMT
I would like to get rid of the plaintext passwords in a number of my .cfg files.  I'm looking
at the docs to figure out how to do it and see the following blueprint.
I've installed the jasypt feature already but I have a few questions regarding this file.


1. Is there a Jasypt Component that can be configured using a property file or is blueprint
required?

2. Is there a mechanism in CA to specify that a string replacement be done using an
environment variable or JVM property (will ${ENV_VAR} work)?

3. I'm a bit confused by the part I highlighted. What's the purpose of that? It's not
necessary to specify the .cfg files that will have encrypted properties explicitly, is it?

I don't need the .cfg file to be called out there to use ENC(encrypted_value), do I?

4. Does the Jasypt feature provide a mechanism by which a string can be entered and
the encrypted form returned? I didn't see a command. If not, is there a web page that provides
that or some other mechanism other than writing some Java code to tell you what the encrypted
form of a string is using the specified password?

Thanks, Scott

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"
           xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0">

  <!-- Configuration via ConfigAdmin property-placeholder -->
  <!-- the etc/*.cfg can contain encrypted values with ENC() function -->
  <cm:property-placeholder persistent-id="db" update-strategy="reload">
    <cm:default-properties>
      <cm:property name="encoded" value="ENC(${foo})"/>
    </cm:default-properties>
  </cm:property-placeholder>

  <!-- Configuration via properties file -->
  <!-- Instead of ConfigAdmin, we can load "regular" properties file from a location -->
  <!-- Again, the db.properties file can contain encrypted values with ENC() function -->
  <ext:property-placeholder>
    <ext:location>file:etc/db.properties</ext:location>
  </ext:property-placeholder>

  <enc:property-placeholder>
    <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
      <property name="config">
        <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
          <property name="algorithm" value="PBEWithMD5AndDES"/>
          <property name="passwordEnvName" value="ENCRYPTION_PASSWORD"/>
        </bean>
      </property>
    </enc:encryptor>
  </enc:property-placeholder>

  <!-- ... -->

</blueprint>
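
The encryptor declared in the blueprint above can also be built directly with the Jasypt API to produce a value for a .cfg file. This is an added example, not part of the original message or of the Karaf documentation; the class name `EncryptCfgValue` is hypothetical, and it assumes the Jasypt jar is on the classpath and `ENCRYPTION_PASSWORD` is set in the environment.

```java
import java.io.Console;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;

// Hypothetical helper class (not shipped with Karaf or Jasypt).
public class EncryptCfgValue {

    // Mirrors the <enc:encryptor> element of the blueprint: same class,
    // same algorithm, password taken from the same environment variable.
    static StandardPBEStringEncryptor blueprintEncryptor() {
        String password = System.getenv("ENCRYPTION_PASSWORD");
        if (password == null || password.isEmpty()) {
            throw new IllegalStateException("ENCRYPTION_PASSWORD is not set");
        }
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        // PBEWithMD5AndDES is single DES with an MD5-based key derivation;
        // it is used here only because the blueprint uses it, and both
        // sides must name the same algorithm for decryption to work.
        config.setAlgorithm("PBEWithMD5AndDES");
        config.setPasswordEnvName("ENCRYPTION_PASSWORD");

        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    public static void main(String[] args) {
        // Read the secret from the terminal so it does not end up in
        // shell history or in the process argument list.
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from an interactive terminal");
        }
        char[] typed = console.readPassword("Value to encrypt: ");
        if (typed == null || typed.length == 0) {
            throw new IllegalStateException("no value entered");
        }
        String plain = new String(typed);

        StandardPBEStringEncryptor encryptor = blueprintEncryptor();
        String cipherText = encryptor.encrypt(plain);

        // Round-trip check before the value is pasted anywhere.
        if (!plain.equals(encryptor.decrypt(cipherText))) {
            throw new IllegalStateException("round trip failed");
        }
        // The default salt is random, so the output differs on every run;
        // every output decrypts to the same plaintext.
        System.out.println("ENC(" + cipherText + ")");
    }
}
```

The printed `ENC(...)` string is what goes in the .cfg or properties file in place of the plaintext value.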

