Versions Compared

Old Version 6

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated the heading.

WSO2 ESB provides a secure vault that allows you to store encrypted passwords that are mapped to aliases. This approach allows you to use the aliases instead of the actual passwords in your configuration files for better security. For example, some configurations require the admin username and password. If the admin user password is "admin", you could use the alias UserManager.AdminUser.Password in your configuration file. You would then map that alias to the actual password "admin". At runtime, the ESB will look up this alias in the secure vault and then decrypt and use its password.

...

By default, the ESB instance's primary key store (<ESB_HOME>/repository/resources/security/wso2carbon.jks) is used as the secure vault. If you want to use another key store or cipher text ciphertext properties file, or if you want to use a custom callback class to handle decryption, modify the <ESB_HOME>/repository/conf/security/secret-conf.properties file. For more information on configuring the secure vault and creating custom callback classes, see WSO2 Carbon Secure Vault in the Carbon documentation.

...

  1. Run the cipher script as specified above to setup set up the secure vault environment.
  2. Click the Main tab on the Management Console, go to Manage -> Secure Vault Tool and then click Manage Passwords. The Secure Vault Password Management screen appears.
  3. Click Add New Password to encrypt and store, and then specify values for the following fields:
    Vault Key - The alias for the password.
    Password -  The actual password.
    Re-enter password - The password that you specified as the actual password. 

    This creates a new password entry in the registry encrypted with the alias that you specified.

If you need to retrieve this password in your ESB configuration, you can use the {wso2:vault-lookup('alias')}custom path expression to logically reference the password mapping. See the next section for information on how to use an alias in your configuration.

Using

...

encrypted passwords in

...

synapse configurations

To use an alias in your synapse configuration, you add {wso2:vault-lookup('xx')} to your configuration, where xx is the alias.
For example, instead of hard-coding the admin user's password as follows: <Password>admin</Password>

You can encrypt and store the password with the alias AdminUser.Password, and retrieve this password in your ESB synapse configuration as follows:

<Password>{wso2:vault-lookup('AdminUser.Password')}</Password>
Note

This configuration only encrypts the password within the synapse configuration.