...

By default, the ESB instance's primary key store (<ESB_HOME>/repository/resources/security/wso2carbon.jks) is used as the secure vault. If you want to use another key store or cipher text properties file, or if you want to use a custom callback class to handle decryption, modify the <ESB_HOME>/repository/conf/security/secret-conf.properties file. For more information on configuring the secure vault and creating custom callback classes, see WSO2 Carbon Secure Vault Implementation in the Carbon documentation.

...

To store passwords in the secure vault, run the ciphertool script from the command line as follows:

...

This script reads the aliases and plain-text passwords in cipher-text.properties, encrypts the passwords, and stores them in the secure vault. It uses the settings in the secret-conf.properties file described above.

Encrypting and storing new passwords via the Management Console

Follow the steps below to encrypt and store new passwords via the ESB Management Console.

  1. Click the Main tab on the Management Console, go to Manage -> Secure Vault Tool and then click Manage Passwords. The Secure Vault Password Management screen appears.
  2. Click Add New Password and specify values for the following fields to encrypt and store a password:
    Vault Key - The alias for the password.
    Password - The actual password.
    Re-enter password - The password that you specified as the actual password.

This creates a new encrypted password entry in the registry, stored under the alias that you specified.

If you need to retrieve this password in your ESB configuration, you can use the {wso2:vault-lookup('alias')} custom path expression to logically reference the password mapping. See the next section for information on how to use an alias in your configuration.

Using aliases in your configurations

To use an alias in your configuration, add {wso2:vault-lookup('xx')} to your configuration, where xx is the alias. For example, instead of hard coding the admin user's password as follows:

<Password>admin</Password>

You can encrypt and store the password with the alias AdminUser.Password, and retrieve this password in your ESB configuration as follows:

<Password>{wso2:vault-lookup('UserManager.AdminUser.Password')}</Password>
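A lookup only resolves if its alias exists in the vault, and any password element left as a literal stays in plain text on disk. The following check is an added example, not part of the WSO2 documentation: it flags hard-coded password elements and lookups whose alias is missing from a cipher-text.properties-style alias list. It assumes elements whose tag name ends in "Password" carry no attributes; the sample inputs, the KeyPassword element and the Keystore.Key.Password alias are constructed.

```python
import re

# The lookup expression shown on this page: {wso2:vault-lookup('alias')}
VAULT_LOOKUP = re.compile(r"^\{wso2:vault-lookup\('([^']+)'\)\}$")
# Assumption: secrets live in attribute-free elements whose tag ends in "Password".
PASSWORD_ELEM = re.compile(r"<(\w*Password)>(.*?)</\1>", re.S)

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_PROPERTIES = """\
# alias=value pairs, Java properties style
UserManager.AdminUser.Password=constructed-ciphertext
"""
SAMPLE_CONFIG = """\
<Config>
  <Password>admin</Password>
  <Password>{wso2:vault-lookup('UserManager.AdminUser.Password')}</Password>
  <KeyPassword>{wso2:vault-lookup('Keystore.Key.Password')}</KeyPassword>
</Config>
"""

def load_aliases(properties_text):
    """Return the set of aliases (keys) defined in a properties-style file."""
    aliases = set()
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        aliases.add(line.split("=", 1)[0].strip())
    return aliases

def audit_config(config_text, aliases):
    """Return (line, tag, status) per password element; never echoes the secret."""
    findings = []
    for match in PASSWORD_ELEM.finditer(config_text):
        tag, value = match.group(1), match.group(2).strip()
        line_no = config_text.count("\n", 0, match.start()) + 1
        lookup = VAULT_LOOKUP.match(value)
        if lookup is None:
            status = "hard-coded"
        elif lookup.group(1) not in aliases:
            status = "unknown-alias:" + lookup.group(1)
        else:
            status = "ok"
        findings.append((line_no, tag, status))
    return findings

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, load_aliases(SAMPLE_PROPERTIES)):
        print(finding)
```
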