Chapter 7. Secure Passwords and Other Sensitive Strings with Password Vault

Configuration of JBoss EAP and associated applications requires potentially sensitive information, such as usernames and passwords. Instead of storing this sensitive information as plain text in configuration files, use the Password Vault feature to mask this information and store it in an encrypted keystore.

Instead of storing the password as plain text in configuration files, you can use the Password Vault feature to mask the password information and store it in an encrypted keystore. Once the password is stored, you can include references in Management CLI commands or your own applications. The Password Vault uses the Java Keystore as its storage mechanism. Password Vault consists of two parts: storage and key storage. Java Keystore is used to store the key, which is used to encrypt or decrypt sensitive strings in Vault storage.