WSO2 ESB provides a secure vault that allows you to store encrypted passwords that are mapped to aliases. This approach allows you to use the aliases instead of the actual passwords in your configuration files for better security. For example, some configurations require the admin username and password. If the admin user password is "admin", you could use the alias UserManager.AdminUser.Password in your configuration file. You would then map that alias to the actual password "admin". At runtime, the ESB will look up this alias in the secure vault and then decrypt and use its password.
...
If you need to retrieve this password in your ESB configuration, you can use theĀ {wso2:vault-lookup('alias')}custom path expression to logically reference the password mapping. See the next section for information on how to use an alias in your configuration.
Using
...
encrypted passwords in
...
synapse configurations
To use an alias in your synapse configuration, you add {wso2:vault-lookup('xx')} to your configuration, where xx is the alias.
For example, instead of hard-coding the admin user's password as follows: <Password>admin</Password>
...
<Password>{wso2:vault-lookup('AdminUser.Password')}</Password>| Note |
|---|
This configuration only encrypts the password within the synapse configuration. |