I have a password to some service. I need to save it in WildFly 19 and then get it in a java application.

I found a certain amount of information, but I'm not sure if it's outdated.

  1. Do I need vault?
  2. How do I write my password to the Wildfly? I found the following commands. Is this enough to save the password?

     ```
     /subsystem=elytron/credential-store=test:add(relative-to=jboss.server.data.dir, location=test.jceks, create=true,credential-reference={clear-text=storepass})

     /subsystem=elytron/credential-store=test:add-alias(alias=keystorepw,secret-value=secret)
     ```

  3. How do I get a password in a java application?

Violetta

1 Answer

  1. No, vaults are a legacy tool and you should use a credential store to secure passwords.
  2. Yes, those commands should be sufficient. You can find more information in the Elytron documentation. The docs for the current Wildfly 26.1 may also be helpful.
  3. You can find an example application here.
cam-rod
  • Thanks, the example helped me figure it out. But I still have one question: in line `ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, "ExamplePassword".toCharArray());`, I need to specify the password from the storage, which I also have to get from somewhere, since it may be different for different servers. It turns out that it should be stored in the vault – Violetta Oct 13 '22 at 13:32
  • If you added the password using the CLI commands in (2), you should be able to retrieve it [by referencing its alias](https://github.com/wildfly-security-incubator/elytron-examples/blob/58a4b3c78883ba5e1802535bbaafac128d160d08/credential-store/src/main/java/org/wildfly/security/examples/CredentialStoreExample.java#L80). The store is saved as a file, so you can add it to other servers by using the same `add` CLI command with an updated filepath. You can also create a store [with the included bash script](https://docs.wildfly.org/19/WildFly_Elytron_Security.html#keystorecredentialstore). – cam-rod Oct 14 '22 at 14:52
  • I'm sorry, I copied the wrong line. I'm talking about the password for the store: `Password storePassword = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, "StorePassword".toCharArray())`. To get it by alias, I need to initialize the store, and for this I need a password: `ProtectionParameter protectionParameter = new CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(storePassword))); credentialStore.initialize(configuration, protectionParameter);` – Violetta Oct 15 '22 at 15:23
  • Ah, then yeah in that case you need either some secure storage, or you can use a masked password instead ([details](https://docs.wildfly.org/19/WildFly_Elytron_Security.html#Passwords), [implementation](https://docs.wildfly.org/19/WildFly_Elytron_Security.html#referencing-credentials)) – cam-rod Oct 16 '22 at 03:36
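
Added example, not part of the original thread or of the linked Elytron example project: one way to read the `keystorepw` alias from the `test.jceks` store created by the CLI commands in the question, without hard-coding the store password. The class name `ServicePasswordLookup` and the environment variable `CRED_STORE_PASSWORD` are hypothetical, and supplying the store password per server through the environment is an assumption, not something the thread prescribes.

```java
import java.nio.file.Paths;
import java.security.Provider;
import java.util.HashMap;
import java.util.Map;

import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStore.CredentialSourceProtectionParameter;
import org.wildfly.security.credential.store.WildFlyElytronCredentialStoreProvider;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.interfaces.ClearPassword;

// Hypothetical helper class; runs inside a WildFly deployment with Elytron on the classpath.
public final class ServicePasswordLookup {
    private static final Provider PROVIDER = new WildFlyElytronCredentialStoreProvider();

    /** Returns the secret stored under the given alias, e.g. "keystorepw". */
    public static char[] lookup(String alias) throws Exception {
        // Assumption: each server supplies its own store password through this
        // hypothetical environment variable, so nothing is compiled into the app.
        String raw = System.getenv("CRED_STORE_PASSWORD");
        if (raw == null) {
            throw new IllegalStateException("CRED_STORE_PASSWORD is not set");
        }
        Password storePassword = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, raw.toCharArray());
        CredentialStore.ProtectionParameter protection = new CredentialSourceProtectionParameter(
                IdentityCredentials.NONE.withCredential(new PasswordCredential(storePassword)));

        Map<String, String> config = new HashMap<>();
        // Same file the CLI "add" command created, relative to jboss.server.data.dir.
        config.put("location",
                Paths.get(System.getProperty("jboss.server.data.dir"), "test.jceks").toString());
        config.put("create", "false");      // never create an empty store by accident
        config.put("modifiable", "false");  // the application only reads

        CredentialStore store = CredentialStore.getInstance("KeyStoreCredentialStore", PROVIDER);
        store.initialize(config, protection);

        // retrieve() returns null when the alias does not exist in the store.
        PasswordCredential credential = store.retrieve(alias, PasswordCredential.class);
        ClearPassword clear = credential == null ? null : credential.getPassword(ClearPassword.class);
        if (clear == null) {
            throw new IllegalStateException("No clear password stored under alias " + alias);
        }
        return clear.getPassword();  // caller should zero the array after use
    }
}
```

Calling `ServicePasswordLookup.lookup("keystorepw")` returns the value set by `add-alias` in the question; a wrong store password makes `initialize` throw instead of returning an empty store.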