Frequently Asked Questions - now with correct answers:
It is NOT secure at all!
You disclose the password via KEYSTORE_PASSWORD. No matter how complex the implementation is. No matter if it uses Java KeyStore, RSA, DES, other algorithms. No matter how long RSA key is. No matter if any 3rd party vault implementation is used. You disclose the password to access the vault. Everyone who has access to the config can easily decrypt all the passowrds you have encrypted. This approach in JBoss is highly vulneruble! Unfortunately the Red Hat architect misleads all the users.
Compare it to following. You have a sofisticated locker in your house door. But you leave the key hanging on the door. Will you expect any safety? Or you have highly secure alarm system in your car. But you leave a key on the hood of your car. What will you expect? Everyone can open your home door and use your car. The same is here with JBoss vault.
Can I really secure the keystore?
- You can store the keystore on an USB or an encrypted secure usb or such.
- When the server starts, insert the USB. On successful start, you can remove the USB.
Wrong.
You can use USB of your developer's computer only. But you cannot use USB of your production servers. Because normally there is no physical access to it: it may be in a secured room you have no access to, or at your customer hundreads miles away, or it may be at your hoster, or in a cloud at Amazon, Rackspace, you name it.
The JBoss server must start automatically each time the system starts. For instance the system was upgraded, or a patch was applied, or hardware was replaced, or system was restored from a back up. The whole system is restarted. The JBoss server must automatically start, too. If the vault is missing, your application on JBoss will NOT start.
One might suggest to put the vault on another disk, mount it temporary during system start up, then unmount automatically after JBoss started. But this only reduces the probability. It does not solve the problem. As long as a disk is mounted, it is available to all system processes. A hacker or a process started by a hacker can access the mounted disk, too.
The worst thing is that a Red Hat architect who designed and implemented it does not warn the users. Users have false feeling of safety. Wake up! You are in a big trouble if you use JBoss vault.