karaf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leschke, Scott" <SLesc...@medline.com>
Subject RE: Encrypting property values in .cfg files
Date Tue, 06 Nov 2018 15:44:23 GMT
Hi JB,

I'd prefer the ability to use SCR and just supply a StringEncryptor service if I could.  I'll
use blueprint, tried it actually but didn't get it to work. Being able to use SCR would probably
be optimal though.

I installed the jasypt-encryption feature and tried it with the encrypted pwd wrapped by ENC()
in my .cgf file.  I haven't used blueprint in sometime btw.  I don't recall having to explicitly
install blueprint, is it no longer part of boot feature set?  Also, I'm unfamiliar with "property-placeholder".
 What's the purpose that that over a <service> element?

Thanks, Scott

  <enc:property-placeholder>
    <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
      <property name="config">
        <bean class="org.jasypt.encryption.pbe.config.EnvironmentPBEConfig">
          <property name="algorithm" value="PBEwithMD5andDES"/>
          <property name="password"  value="my-crazy-pwd"/>
<!--
          <property name="passwordEnvName" value="ENCRYPTION_PWD"/>  -->
        </bean>
      </property>
    </enc:encryptor>
  </enc:property-placeholder>


-----Original Message-----
From: Jean-Baptiste Onofré <jb@nanthrax.net> 
Sent: Monday, November 05, 2018 11:02 PM
To: user@karaf.apache.org
Subject: Re: Encrypting property values in .cfg files

Hi Scott,

You want to use it blueprint, SCR or directly ConfigAdmin ?

If you use the {enc:} format, it should work at least with blueprint jasypt namespace.

For a generic way, we have a Jira about that. Basically, it would be a ConfigListener to do
intercepting the {enc:} prefix in property values.
I can work on this one.

Regards
JB

On 05/11/2018 23:25, Leschke, Scott wrote:
> I'm looking to encrypt passwords the are currently in plaintext in a 
> few of my .cfg files.  I've looked at how to do that and it seemed 
> reasonably straightforward although I've had some difficulty getting 
> it working.  I'm wondering if there's anything that prevents me from 
> just supplying a service myself that implements the
> */org.jasypt.encryption.StringEncryptor/* interface rather than using 
> the Karaf jasypt-encryption service.
> 
>  
> 
> I've tried it but that doesn't seem to want to work either so I'm 
> wondering if there's a reason it doesn't.
> 
>  
> 
> Scott
> 
>  
> 
>  
> 

--
Jean-Baptiste Onofré
jbonofre@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Mime
View raw message