LDAP search crendential encryption on WildFly 10

Report
Question

Please briefly explain why you feel this question should be reported .

Report Cancel

Due to PA-DSS compliance, we are not allowed to have clear text passwords in configuration files, even if we control who is allowed to access the file.
I’ve checked WildFly’s documentation, but could only find information about protecting the database’s password via org.picketbox.datasource.security.SecureIdentityLoginModule. Is there a way to do this on WildFly? Both WebSphere and GlassFish provide a way to do this, so I guess WildFly might have a way too.

solved 0
1 Answer 8 views 0

Answer ( 1 )

    0
    December 10, 2016 at 9:44 pm

    Please briefly explain why you feel this answer should be reported .

    Report Cancel

    You can create a vault and encrypt the password with valutTool. Then refer to the password stored in vault with the preset variable e.g.

    <module-option name="bindCredential" value="${VAULT::MYLDAP::PASSWORD::1}"/>

    https://developer.jboss.org/wiki/MaskingPasswordsForWildFlyUsingNon-interactiveVaultTool

    Best answer

Leave an answer

Browse

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>