...

The Secret Manager initializes the secret repository and the keystores. It uses the secret repository to store the secret values in encrypted form. These secrets are accessed through aliases. The keystore is required to create the decryption crypto, which is used to resolve the encrypted secret values. The keystore and secret repository are configurable through the <GREG_HOME>/repository/conf/security/secret-conf.properties file, which is generated when you execute the Cipher tool.

...

When the Carbon Server starts, it first checks for a text file called "password" in <GREG_HOME> and reads the private key and keystore passwords from it. The text file is deleted automatically after it is read. The admin who starts the Carbon Server must create a text file called "password" in <GREG_HOME> and enter the keystore password in the first line of the file. The steps are as follows:

  1. Shut down the server if it is already started.
  2. Create a text file named "password" in <GREG_HOME>.
  3. Enter your primary keystore password in the first line of the text file and save it.
  4. Start the Carbon Server as a daemon, using the command: sh wso2server.sh -start
  5. By default, the password provider assumes that both private key and keystore passwords are the same. If not, the private key password must be entered in the second line of the file.

    Important: If the Carbon server is deployed in any other app server (e.g. WebLogic), or if the key password of the HTTPS transport (the password in catalina-server.xml) is not secured, the file name of the text file must be 'password-tmp', not 'password'.

    Note: At every restart, the admin has to create the text file again.
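The file-creation steps above can be scripted so that the password never appears on a command line and the file is readable only by its owner. This is an added example, not part of the original documentation; the function name `write_password_file`, the 0600 mode and the use of stdin are assumptions of the example, while the file names and line layout are the ones described above.

```shell
# Added example: create the one-shot startup password file.
# Assumptions of this example (not from the page): the function name, mode
# 0600 (the server runs as the user who creates the file), stdin as input.
#
# write_password_file HOME_DIR [FILE_NAME]
#   stdin line 1: keystore password
#   stdin line 2: private key password, only if it differs (optional)
# Reading from stdin keeps the passwords out of `ps` output and shell history.
write_password_file() {
    home_dir=$1
    file_name=${2:-password}
    target="$home_dir/$file_name"

    case "$file_name" in
        password|password-tmp) ;;      # the two names the page mentions
        *) echo "unexpected file name: $file_name" >&2; return 2 ;;
    esac
    [ -d "$home_dir" ] || { echo "no such directory: $home_dir" >&2; return 2; }
    # Never write through a leftover file or a symlink planted in HOME_DIR.
    if [ -e "$target" ] || [ -L "$target" ]; then
        echo "$target already exists; remove it first" >&2
        return 3
    fi

    keystore_pw='' key_pw=''
    IFS= read -r keystore_pw || :      # tolerate a missing final newline
    IFS= read -r key_pw || :
    if [ -z "$keystore_pw" ]; then
        echo "keystore password (line 1) is empty" >&2
        return 4
    fi

    rc=0
    (
        umask 077                      # file is created as 0600
        set -C                         # noclobber: fail rather than overwrite
        if [ -n "$key_pw" ] && [ "$key_pw" != "$keystore_pw" ]; then
            printf '%s\n%s\n' "$keystore_pw" "$key_pw" > "$target"
        else
            printf '%s\n' "$keystore_pw" > "$target"
        fi
    ) || rc=$?
    unset keystore_pw key_pw
    return "$rc"
}
```

When typing the passwords interactively, run `stty -echo` before calling the function and `stty echo` afterwards so they are not displayed on the terminal.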

...

Create a JAR or an OSGi bundle. Copy the JAR file to the <GREG_HOME>/repository/component/lib/ directory, or the OSGi bundle to the <GREG_HOME>/repository/component/dropins/ directory. Configure the <GREG_HOME>/repository/conf/user-mgt.xml file with an alias name and your secret callback handler class name. For example,

...