[jboss-jira] [JBoss JIRA] (AS7-4180) Ensure expressions are supported for attributes that should be encrypted

Brian Stansberry created AS7-4180: ------------------------------------- Summary: Ensure expressions are supported for attributes that should be encrypted Key: AS7-4180 URL: https://issues.jboss.org/browse/AS7-4180 Project: Application Server 7 Issue Type: Bug Components: Domain Management, JMS Affects Versions: 7.1.1.Final, 7.1.0.Final Reporter: Brian Stansberry Assignee: Jeff Mesnil Priority: Critical Fix For: 7.1.2.Final CommonAttributes.CLUSTER_PASSWORD needs to support expressions, so its value can be vault encoded and the encoded value can be resolved against the vault at runtime. Recommend changing: SimpleAttributeDefinition CLUSTER_PASSWORD = new SimpleAttributeDefinition("cluster-password", new ModelNode().set(ConfigurationImpl.DEFAULT_CLUSTER_PASSWORD), ModelType.STRING, true, AttributeAccess.Flag.RESTART_ALL_SERVICES); to SimpleAttributeDefinition CLUSTER_PASSWORD = new SimpleAttributeDefinitionBuilder("cluster-password", ModelType.STRING, true) .setAllowExpression(true) .setDefaultValue(new ModelNode(ConfigurationImpl.DEFAULT_CLUSTER_PASSWORD)) .setRestartAllServices() .build(); A similar change should be made to CLUSTER_USER, not so much so the value can be read from the vault, but rather so a system property can be used, e.g. <cluster-user>${some.user.property}</cluster-user> I recommend looking at all the other config attributes and adding expression support where it makes sense. It's a must though for any password or other security sensitive value that users won't want stored in plain text. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira