Hey Mazz and Juca,

tl;dr: we need to get rid of clear text passwords in standalone.xml.

For the Docker builds I can run (pseudocode):

    docker run -e HAWKULAR_USER=jdoe -e HAWKULAR_PASSWORD=password pilhuhn/hawkular-services

The startup in the image takes care that jdoe is added to the users.properties file for JAAS, and the agent gets those env-variables as user/password and the agent can talk to the server (see also below).

== Agent side

I recall that in the agent installer you have added some way of 'obfuscating' the password. I wonder if that exists / can be added to the agent proper so that the password is not in standalone.xml in the clear and I can pass -e HAWKULAR_PASS_HASH=dhfadfhsdfadsfads instead of the password, and the agent then sends base64(hash(user + password-hash)) to the server, which does the same with its local data and compares if the base64 matches.

Remember that docker inspect <container id> lets you see env-variables:

    "Env": [
        "HAWKULAR_BACKEND=remote",
        "HAWKULAR_PASSWORD=password",

== Server side

Passing in the password like above to set up the server is equally bad (perhaps a tiny bit less, as the server is usually inside a more secured area than the agents). Here I can in the startup script easily replace the call to add-user.sh with some "add user + password if not exists" logic and the env-variable gets passed in what add-user.sh would compute and add.
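
The comparison proposed under "Agent side", sketched as an added example that is not part of the original message or of the Hawkular code base. It assumes SHA-256 for both hashes and a hex-encoded password hash; the function names and the sample user store are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac

def password_hash(password: str) -> str:
    # Assumed form of the HAWKULAR_PASS_HASH value: hex-encoded SHA-256.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def auth_token(user: str, pass_hash: str) -> str:
    # base64(hash(user + password-hash)) as in the message; SHA-256 is an assumption.
    digest = hashlib.sha256((user + pass_hash).encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

# Constructed server-side store: user -> password hash (what the
# "add user + password if not exists" startup logic would have written).
SERVER_USERS = {"jdoe": password_hash("password")}

def server_accepts(user: str, presented_token: str, users=SERVER_USERS) -> bool:
    # Unknown users get a dummy hash so both paths do the same amount of work.
    stored = users.get(user, password_hash(""))
    expected = auth_token(user, stored)
    # Constant-time comparison avoids leaking how many leading bytes matched.
    matches = hmac.compare_digest(expected.encode("utf-8"),
                                  presented_token.encode("utf-8"))
    return matches and user in users

def agent_token(user: str, pass_hash_from_env: str) -> str:
    # The agent only ever holds the hash, never the clear-text password.
    return auth_token(user, pass_hash_from_env)

if __name__ == "__main__":
    env_hash = password_hash("password")  # stands in for -e HAWKULAR_PASS_HASH=...
    token = agent_token("jdoe", env_hash)
    print("accepted:", server_accepts("jdoe", token))
    # The token is identical on every run, so the hash in the environment is
    # itself a credential and is still listed by `docker inspect`.
    print("static token:", token == agent_token("jdoe", env_hash))
```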