Due to PA-DSS compliance, we are not allowed to have clear text passwords in configuration files, even if we control who is allowed to access the file.
I've checked WildFly's documentation, but could only find information about protecting the database's password via org.picketbox.datasource.security.SecureIdentityLoginModule. Is there a way to do this on WildFly? Both WebSphere and GlassFish provide a way to do this, so I guess WildFly might have a way too.
Asked
Active
Viewed 275 times
0
EPMS Devteam
- 273
- 2
- 15
1 Answers
0
You can create a vault and encrypt the password with valutTool. Then refer to the password stored in vault with the preset variable e.g.
<module-option name="bindCredential" value="${VAULT::MYLDAP::PASSWORD::1}"/>
https://developer.jboss.org/wiki/MaskingPasswordsForWildFlyUsingNon-interactiveVaultTool
Quincy
- 4,393
- 3
- 26
- 40