WSO2 Carbon is shipped with a secure vault implementation which is a modified version of synapse secure vault. It provides capability to securely store sensitive data such as plaint-text passwords in configuration files. All WSO2 Carbon-based products inherit the secure vault implementation from the core Carbon platform, which is used for configuration files of the WSO2 Carbon platform, such as user-mgt.xml, Carbon.xml, Axis2.xml, registry.xml etc. For more information, refer to section WSO2 Carbon Secure Vault under Carbon Tools.
However, the
WSO2 Data Services Server provides the feature to securely store sensitive data such as password fields using the Secure Vault functionality. Users can encript their passwords using tokens instead of the actual password inside the data service configuration file. This guide will explain you how to secure your password in data-source configuration.
Step 1 - Run ciphertool script from bin directory
Linux: sh ciphertool.sh -Dconfigure
Windows: ciphertool.bat -Dconfigure
Step 2 - Encrypt the plain text using ciphertool
Again run the ciphertool script without '-Dconfigure'. It will ask for the KeyStore Password of Carbon Server. The default value of the KeyStore password is 'wso2carbon'. Then provide the plain text value that need to be encrypted. It will return you the encrypted text value.