Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 6. Securing passwords with a keystore
You can use a keystore to encrypt passwords that are used for communication between Business Central and Process Server. You should encrypt both controller and Process Server passwords. If Business Central and Process Server are deployed to different application servers, then both application servers should use the keystore.
Use Java Cryptography Extension KeyStore (JCEKS) for your keystore because it supports symmetric keys. Use KeyTool, which is part of the JDK installation, to create a new JCEKS.
If Process Server is not configured with JCEKS, Process Server passwords are stored in system properties in plain text form.
Prerequisites
- Process Server is installed in Red Hat JBoss EAP.
- Java 8 or higher is installed.
Procedure
In the Red Hat JBoss EAP home directory, enter the following command to create a Process Server user with the
kie-serverrole and specify a password. In the following example, replace<USER_NAME>and<PASSWORD>with the user name and password of your choice.$<EAP_HOME>/bin/add-user.sh -a -e -u <USER_NAME> -p <PASSWORD> -g kie-server
$<EAP_HOME>/bin/add-user.sh -a -e -u <USER_NAME> -p <PASSWORD> -g kie-serverCopy to Clipboard Copied! Toggle word wrap Toggle overflow To use KeyTool to create a JCEKS, enter the following command in the Java 8 home directory:
$<JAVA_HOME>/bin/keytool -importpassword -keystore <KEYSTORE_PATH> -keypass <ALIAS_KEY_PASSWORD> -alias <PASSWORD_ALIAS> -storepass <KEYSTORE_PASSWORD> -storetype JCEKS
$<JAVA_HOME>/bin/keytool -importpassword -keystore <KEYSTORE_PATH> -keypass <ALIAS_KEY_PASSWORD> -alias <PASSWORD_ALIAS> -storepass <KEYSTORE_PASSWORD> -storetype JCEKSCopy to Clipboard Copied! Toggle word wrap Toggle overflow In this example, replace the following variables:
-
<KEYSTORE_PATH>: The path where the keystore will be stored -
<KEYSTORE_PASSWORD>: The keystore password -
<ALIAS_KEY_PASSWORD>: The password used to access values stored with the alias -
<PASSWORD_ALIAS>: The alias of the entry to the process
-
- When prompted, enter the password for the Process Server user that you created.
Set the following system properties in the
EAP_HOME/standalone/configuration/standalone-full.xmlfile and replace the placeholders as listed in the following table:Copy to Clipboard Copied! Toggle word wrap Toggle overflow Expand Table 6.1. System properties used to load a Process Server JCEKS System property Placeholder Description kie.keystore.keyStoreURL<KEYSTORE_URL>URL for the JCEKS that you want to use, for example
file:///home/kie/keystores/keystore.jcekskie.keystore.keyStorePwd<KEYSTORE_PWD>Password for the JCEKS
kie.keystore.key.server.alias<KEY_SERVER_ALIAS>Alias of the key for REST services where the password is stored
kie.keystore.key.server.pwd<KEY_SERVER_PWD>Password of the alias for REST services with the stored password
kie.keystore.key.ctrl.alias<KEY_CONTROL_ALIAS>Alias of the key for default REST Process Automation Controller where the password is stored
kie.keystore.key.ctrl.key.ctrl.pwd<KEY_CONTROL_PWD>Password of the alias for default REST Process Automation Controller with the stored password
- Start Process Server to verify the configuration.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}