Following are the config snippets I'm currently testing with:
<vault>
<vault-option name="KEYSTORE_URL" value="vault.ks"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-XYZ"/>
<vault-option name="KEYSTORE_ALIAS" value="vault"/>
<vault-option name="SALT" value="12345678"/>
<vault-option name="ITERATION_COUNT" value="50"/>
<vault-option name="ENC_FILE_DIR" value="\vault\\"/>
</vault>
...
<netty-acceptor name="netty-ssl-acceptor" socket-binding="messaging">
<param key="ssl-enabled" value="true"/>
<param key="key-store-path" value="server.ks"/>
<param key="key-store-password" value="${VAULT::XXX::password::XYZ}"/>
<param key="trust-store-path" value="server.ts"/>
<param key="trust-store-password" value="${VAULT::XXX::password::XYZ}"/>
</netty-acceptor>
Does anything jump out here are being incorrect?
We have a security audit looming and we certainly aren't going to pass with cleartext passwords in the config file. Any advice would be greatly appreciated.
Thanks,
Doug