
If you have secured the plain-text passwords in configuration files using Secure Vault, the keystore password and private key password of the product's primary keystore serve as the root passwords for Secure Vault. This is because the keystore passwords are needed to initialise the values encrypted by the Secret Manager in the Secret Repository. The Secret Callback handler is therefore used to resolve these passwords. Read about the Secure Vault implementation in WSO2 products. Also, see how passwords in configuration files are encrypted using Secure Vault.

The default secret CallbackHandler in a WSO2 product provides two options for reading these encrypted passwords when you start the server:

Enter password in command-line

  1. Start the server by running the product start up script from the <PRODUCT_HOME>/bin/ directory as shown below.

    ./wso2server.sh 
  2. When you run the startup script, the following prompt is displayed before the server starts: "[Enter KeyStore and Private Key Password :]". This is because the encrypted passwords must be decrypted in order to connect to the default user store. The administrator starting the server must provide the private key and keystore passwords on the command line. Note that the passwords are hidden from the terminal and log files.

Start server as a background job

If you start the WSO2 Carbon server as a background job, you will not be able to provide password values on the command line. Therefore, you must start the server in "daemon" mode as explained below.

  1. Create a file named "password-tmp" in the <PRODUCT_HOME>/ directory. Add "wso2carbon" (the primary keystore password) to this file and save. By default, the password provider assumes that the private key and keystore passwords are the same. If they are not, the private key password must be entered on the second line of the file.
  2. Now, start the server as a background process by running the following command.

    ./wso2server.sh start
  3. The keystore password is picked up from the "password-tmp" file. Once the server starts, this file is automatically deleted from the file system. Make sure to add this temporary file back whenever you start the server as a background process. If you name the password file "password-persist" instead of "password-tmp", the file is not deleted after the server starts, so you do not need to provide the password again in subsequent startups.

    Note that every time the server starts, the admin has to create a text file.

  4. Start the server by running the product start up script from the <PRODUCT_HOME>/bin/ directory by executing the following command:

    daemon. sh wso2server.sh -start
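
The password file from steps 1 to 3 holds the Secure Vault root passwords in clear text, so it should be readable only by the account that runs the server. The following is an added example, not WSO2's own tooling: the function names `write_password_file` and `check_password_file` are hypothetical, and it assumes the server is started by the same OS user that creates the file.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of WSO2.
# Usage: write_password_file <PRODUCT_HOME> [tmp|persist] < passwords
# stdin line 1 = keystore password, optional line 2 = private key password.
# Reading from stdin keeps the secrets out of argv and shell history.
write_password_file() {
    dir=$1
    kind=${2:-tmp}
    case $kind in
        tmp|persist) ;;
        *) echo "kind must be tmp or persist" >&2; return 2 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    file=$dir/password-$kind
    keystore_pw='' key_pw=''
    IFS= read -r keystore_pw || true
    IFS= read -r key_pw || true
    [ -n "$keystore_pw" ] || { echo "keystore password is empty" >&2; return 1; }
    (
        umask 077          # new file is created 0600: owner read/write only
        set -C             # noclobber: refuse to write through an existing file
        rm -f "$file"      # drop any stale copy (and its old permissions)
        if [ -n "$key_pw" ] && [ "$key_pw" != "$keystore_pw" ]; then
            printf '%s\n%s\n' "$keystore_pw" "$key_pw" > "$file"
        else
            # Page: both passwords are assumed equal when only one line exists.
            printf '%s\n' "$keystore_pw" > "$file"
        fi
    )
}

# Succeeds only for a regular, non-symlink file that is owner-only (0600)
# and holds one or two lines, which is the layout the page describes.
check_password_file() {
    file=$1
    [ -f "$file" ] || return 1
    [ ! -L "$file" ] || return 1
    perms=$(ls -ld "$file" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || return 1
    lines=$(wc -l < "$file" | tr -d ' ')
    [ "$lines" -ge 1 ] && [ "$lines" -le 2 ]
}
```

Running `check_password_file` against an existing "password-persist" file before each restart catches a copy whose permissions were loosened after it was created.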