7.9. Use an Encrypted Sensitive String in Configuration

Prerequisites

Section 7.8, “Store a Sensitive String in the Password Vault”

Any sensitive string which has been encrypted can be used in a configuration file or Management CLI command in its masked form, providing expressions are allowed.

To confirm if expressions are allowed within a particular subsystem, run the following Management CLI command against that subsystem.

Note

Add the prefix /host=HOST_NAME to the command for a managed domain.

/core-service=SUBSYSTEM:read-resource-description(recursive=true)

/core-service=SUBSYSTEM:read-resource-description(recursive=true)

Copy to Clipboard

Toggle word wrap

Example 7.8. List the Description of all Resources in the Management Subsystem

/core-service=management:read-resource-description(recursive=true)

/core-service=management:read-resource-description(recursive=true)

Copy to Clipboard

Toggle word wrap

From the output of running this command, look for the value of the expressions-allowed parameter. If this is true, then you can use expressions within the configuration of this subsystem.

Use the following syntax to replace any plaintext string with the masked form.

${VAULT::VAULT_BLOCK::ATTRIBUTE_NAME::MASKED_STRING}

${VAULT::VAULT_BLOCK::ATTRIBUTE_NAME::MASKED_STRING}

Copy to Clipboard

Toggle word wrap

Example 7.9. Datasource Definition Using a Password in Masked Form

In this example the vault block is ds_ExampleDS and the attribute is password.

...
  <subsystem xmlns="urn:jboss:domain:datasources:1.0">
    <datasources>
      <datasource jndi-name="java:jboss/datasources/ExampleDS" enabled="true" use-java-context="true" pool-name="H2DS">
        <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>
        <driver>h2</driver>
        <pool></pool>
        <security>
          <user-name>sa</user-name>
          <password>${VAULT::ds_ExampleDS::password::1}</password>
        </security>
      </datasource>
      <drivers>
         <driver name="h2" module="com.h2database.h2">
            <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
         </driver>
      </drivers>
    </datasources>
  </subsystem>
...

...
  <subsystem xmlns="urn:jboss:domain:datasources:1.0">
    <datasources>
      <datasource jndi-name="java:jboss/datasources/ExampleDS" enabled="true" use-java-context="true" pool-name="H2DS">
        <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1</connection-url>
        <driver>h2</driver>
        <pool></pool>
        <security>
          <user-name>sa</user-name>
          <password>${VAULT::ds_ExampleDS::password::1}</password>
        </security>
      </datasource>
      <drivers>
         <driver name="h2" module="com.h2database.h2">
            <xa-datasource-class>org.h2.jdbcx.JdbcDataSource</xa-datasource-class>
         </driver>
      </drivers>
    </datasources>
  </subsystem>
...

Copy to Clipboard

Toggle word wrap

Report a bug

Este conteúdo não está disponível no idioma selecionado.

7.9. Use an Encrypted Sensitive String in Configuration

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Tornando o open source mais inclusivo

Sobre a Red Hat

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links