[ https://issues.jboss.org/browse/ISPN-5059?page=com.atlassian.jira.plugin.... ]
Vojtech Juranek commented on ISPN-5059:
---------------------------------------
Well, but it should be a valid variable in ISPN server (and therefore the bug is logged for ISPN,
not JGroups). It's also stated in
[JGRP-1721|https://issues.jboss.org/browse/JGRP-1721?focusedCommentId=1282...]
by [~NadirX] that Vault is supported.
I never dug into Vault to see whether double colons can be changed to some other separator, but to
my current knowledge, double colons are required by Vault.
JGroups subsystem doesn't support Vault
---------------------------------------
Key: ISPN-5059
URL:
https://issues.jboss.org/browse/ISPN-5059
Project: Infinispan
Issue Type: Bug
Components: Security, Server
Reporter: Vojtech Juranek
JGroups subsystem doesn't support passwords encrypted in Vault. E.g. when running
[EncryptProtocolIT|https://github.com/infinispan/infinispan/blob/master/se...]
with the following configuration:
{noformat}
<protocol type="ENCRYPT">
    <property name="key_store_name">${jboss.server.config.dir}/server_jceks.keystore</property>
    <property name="store_password">${VAULT::keystore::password::1}</property>
    <property name="alias">memcached</property>
</protocol>
{noformat}
i.e. it uses a Vault-encrypted password for the keystore, it fails with:
{noformat}
groups.channel.clustered: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:74)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_55]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_55]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_55]
Caused by: java.lang.Exception: Unable to load keystore infinispan/server/integration/testsuite/target/server/node2/standalone/configuration/server_jceks.keystore: java.io.IOException: Keystore was tampered with, or password was incorrect
    at org.jgroups.protocols.ENCRYPT.initConfiguredKey(ENCRYPT.java:309)
    at org.jgroups.protocols.ENCRYPT.init(ENCRYPT.java:250)
    at org.jgroups.stack.ProtocolStack.initProtocolStack(ProtocolStack.java:860)
    at org.jgroups.stack.ProtocolStack.setup(ProtocolStack.java:481)
    at org.jgroups.JChannel.init(JChannel.java:848)
    at org.jgroups.JChannel.<init>(JChannel.java:159)
    at org.jboss.as.clustering.jgroups.JChannelFactory.createChannel(JChannelFactory.java:87)
    at org.jboss.as.clustering.jgroups.subsystem.ChannelService.start(ChannelService.java:69)
{noformat}
Vault record for {{keystore::password}} exists:
{noformat}
Task: Verify whether a secured attribute exists
Enter Vault Block:keystore
Enter Attribute Name:password
A value exists for (keystore, password)
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.8#6338)
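
A configuration check based on the report above, as an added example that is not part of the original JIRA message or of the Infinispan/JGroups code: it lists JGroups protocol properties whose value is a Vault expression, so they can be reviewed on servers where the JGroups subsystem does not resolve them. The sample XML, its namespace and the function names are constructed for illustration; only the block and attribute fields of the expression are interpreted, as shown by the Vault tool output in the report.

```python
import re
import xml.etree.ElementTree as ET

# Expression shape as it appears in the report:
#   ${VAULT::<block>::<attribute>::<trailing field>}
VAULT_EXPR = re.compile(r"^\$\{VAULT::([^:}]+)::([^:}]+)::([^:}]+)\}$")

# Constructed sample: the ENCRYPT protocol from the report, wrapped in a
# made-up stack element and namespace so the document is well-formed.
SAMPLE = """<stack xmlns="urn:example:jgroups" name="udp">
  <protocol type="PING"/>
  <protocol type="ENCRYPT">
    <property name="key_store_name">${jboss.server.config.dir}/server_jceks.keystore</property>
    <property name="store_password">${VAULT::keystore::password::1}</property>
    <property name="alias">memcached</property>
  </protocol>
</stack>"""


def _local(tag):
    """Strip an XML namespace prefix of the form {uri}name."""
    return tag.rsplit("}", 1)[-1]


def find_vault_properties(xml_text):
    """Return (protocol type, property name, vault block, vault attribute)
    for every protocol property whose whole value is a Vault expression."""
    hits = []
    for element in ET.fromstring(xml_text).iter():
        if _local(element.tag) != "protocol":
            continue
        for prop in element:
            if _local(prop.tag) != "property":
                continue
            match = VAULT_EXPR.match((prop.text or "").strip())
            if match:
                hits.append((element.get("type"), prop.get("name"),
                             match.group(1), match.group(2)))
    return hits


if __name__ == "__main__":
    for ptype, name, block, attr in find_vault_properties(SAMPLE):
        print(f"{ptype}.{name} relies on Vault entry ({block}, {attr})")
```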