JBoss Community

Re: AS7: Sensitive Attributes Masking

created by Dmitri Voronov in PicketBox Development

Hi all,

I'm currently trying to apply the vault to a DataSource's password in JBoss AS 7.1.0.Beta1 as described in the wiki http://community.jboss.org/wiki/JBossAS7SecuringPasswords, but it doesn't work. I get the following exception:

10:23:41,265 ERROR [org.jboss.as.controller] (ServerService Thread Pool -- 47) JBAS014612: Operation ("enable") failed - address: ([
    ("subsystem" => "datasources"),
    ("data-source" => "java:jboss/jdbc/MSSQLDataSource-PROD")
]): java.lang.SecurityException: org.jboss.security.vault.SecurityVaultException: PB00027: Vault Mismatch:Shared Key does not match for vault block:MSSQLDataSource and attributeName:password
    at org.jboss.as.server.services.security.RuntimeVaultReader.retrieveFromVault(RuntimeVaultReader.java:98) [jboss-as-server-7.1.0.Beta1.jar:]
    at org.jboss.as.server.RuntimeExpressionResolver.resolvePluggableExpression(RuntimeExpressionResolver.java:45) [jboss-as-server-7.1.0.Beta1.jar:]
    at org.jboss.as.controller.ExpressionResolverImpl.resolveExpressionsRecursively(ExpressionResolverImpl.java:58) [jboss-as-controller-7.1.0.Beta1.jar:]
...

My configuration:

I put the vault configuration in standalone in the server scope:

<vault>
  <vault-option name="KEYSTORE_URL" value="C:/eplatform/jboss/AS-7.0/standalone/configuration/vault.keystore"/>
  <vault-option name="KEYSTORE_PASSWORD" value="MASK-8mj0bd6g0iq"/>
  <vault-option name="KEYSTORE_ALIAS" value="vault"/>
  <vault-option name="SALT" value="12345678"/>
  <vault-option name="ITERATION_COUNT" value="42"/>
  <vault-option name="ENC_FILE_DIR" value="C:/eplatform/jboss/AS-7.0/standalone/data/"/>
</vault>

and the DataSource's password value:

<password>
                        ${VAULT::MSSQLDataSource::password::MmUxNzU1MjgtYWM1Mi00MzZmLThlZTctZGIxNzE4ZGQ3ZWZlTElORV9CUkVBS3ZhdWx0}
</password>

Thanks and regards
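
Added example, not part of the original post and not PicketBox code: a small Python check that splits the ${VAULT::block::attribute::sharedKey} expression quoted above, Base64-decodes its last field, and compares the result with the KEYSTORE_ALIAS option and with the block and attribute named in the PB00027 message. The function names are hypothetical, and the decoded layout (UUID, the literal LINE_BREAK, then the alias) is only what this post's token decodes to, assumed here to be the general form.

```python
import base64
import re
import uuid
import xml.etree.ElementTree as ET

# Inputs copied from the post above (vault element trimmed to the option used here).
VAULT_XML = '<vault><vault-option name="KEYSTORE_ALIAS" value="vault"/></vault>'
PASSWORD_XML = """<password>
    ${VAULT::MSSQLDataSource::password::MmUxNzU1MjgtYWM1Mi00MzZmLThlZTctZGIxNzE4ZGQ3ZWZlTElORV9CUkVBS3ZhdWx0}
</password>"""
LOG_LINE = ("PB00027: Vault Mismatch:Shared Key does not match for vault "
            "block:MSSQLDataSource and attributeName:password")

EXPR = re.compile(r"\$\{VAULT::([^:}]+)::([^:}]+)::([A-Za-z0-9+/=]+)\}")
MISMATCH = re.compile(r"PB00027:.*vault block:(\S+) and attributeName:(\S+)")


def parse_vault_expression(text):
    """Split ${VAULT::block::attribute::sharedKey} and decode the shared key."""
    m = EXPR.fullmatch(text.strip())  # tolerate whitespace around the expression
    if m is None:
        raise ValueError("not a ${VAULT::block::attribute::sharedKey} expression")
    block, attribute, token = m.groups()
    decoded = base64.b64decode(token, validate=True).decode("ascii")
    # Assumption: <UUID>LINE_BREAK<alias> is the layout this post's token decodes to.
    handle, sep, alias = decoded.partition("LINE_BREAK")
    if not sep:
        raise ValueError("decoded shared key has no LINE_BREAK separator")
    uuid.UUID(handle)  # raises ValueError when the first part is not a UUID
    return {"block": block, "attribute": attribute, "handle": handle, "alias": alias}


def cross_check(password_xml, vault_xml, log_line):
    """Return (parsed expression, inconsistencies found between the three inputs)."""
    options = {o.get("name"): o.get("value")
               for o in ET.fromstring(vault_xml).iter("vault-option")}
    info = parse_vault_expression(ET.fromstring(password_xml).text or "")
    findings = []
    if info["alias"] != options.get("KEYSTORE_ALIAS"):
        findings.append("alias in shared key differs from KEYSTORE_ALIAS")
    m = MISMATCH.search(log_line)
    if m and m.groups() != (info["block"], info["attribute"]):
        findings.append("PB00027 names a different block/attribute than the expression")
    return info, findings


if __name__ == "__main__":
    print(cross_check(PASSWORD_XML, VAULT_XML, LOG_LINE))
```

With the post's values both checks pass: the expression, the KEYSTORE_ALIAS option and the PB00027 message agree with each other. The script does not read the keystore or the files under ENC_FILE_DIR.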
