Hi Dmitry
Thanks for the tips! We've not made much progress with this at present, I was just
doing some research to see what would be needed when we get to it.
Thanks
Matt
-----Original Message-----
From: Dmitry Telegin <dt(a)acutus.pro>
Sent: Monday, 23 July 2018 10:48 AM
To: Matt Evans <matthew.evans(a)oracle.com>; keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Passwords for keycloak
Hi Matt,
Seems like you've already figured out everything yourself :)
After you have your CredentialStoreSpi implemented, you should be able to use
"--credential-reference={store=my_store, alias=database-pw}"
instead of "--password" while configuring datasource via jboss-cli.sh.
How is it going with the implementation? BTW is it HashiCorp Vault you're trying to
integrate with?
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Wed, 2018-07-18 at 22:08 -0700, Matt Evans wrote:
Doing a bit of further googling about jboss/wildfly, should I be
looking at implementing the CredentialStoreSpi as detailed in section
4.1.8 of this article?
https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com
_documentation_en-2Dus_red-5Fhat-5Fjboss-5Fenterpris&d=DwIDaQ&c=RoP1Yu
mCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=8v1OAq8sCvoGRIPd-IGvCVHI6L8Cwv
p2ANtoqmsCBYY&m=xrJPoY_3pjZV5osGylcZa3VJ6mcLcSoTgszLWv82ujA&s=XF6WgHx2
TWAM7mAIeUHu0Qodcg_up3UCYdRnSQn5-cM&e=
e_application_platform/7.1/html/how_to_configure_server_security/secu
rely_storing_credentials
Could I then use that credential store to configure the data source?
Thanks
Matt
-----Original Message-----
From: Matt Evans
Sent: Thursday, 19 July 2018 2:42 PM
To: keycloak-user(a)lists.jboss.org
Subject: [keycloak-user] Passwords for keycloak
Is it possible to extend keycloak to read its settings, specifically
passwords, from a secure configuration store? For example, how would I
go about having keycloak read the password for the database connection
from a secure store, so it's not stored in the config files on the
machine, or passed as command line parameters?
Thanks
Matt
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_
mailman_listinfo_keycloak-
2Duser&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=8v1OA
q8sCvoGRIPd-
IGvCVHI6L8Cwvp2ANtoqmsCBYY&m=gHuodr78XcGcZlTriPKgtawh7WUFIrGFf3RLC2eQ
aBs&s=me9vViYHTZl_8XeCzceLxIAAY8M7Jq0VIjmPU4NEEuc&e=
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_m
ailman_listinfo_keycloak-2Duser&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7
qIrMUB65eapI_JnE&r=8v1OAq8sCvoGRIPd-IGvCVHI6L8Cwvp2ANtoqmsCBYY&m=xrJPo
Y_3pjZV5osGylcZa3VJ6mcLcSoTgszLWv82ujA&s=RnCzxTN6WK36Ufj0lLZSr2EuWH7Kd
Zh83P--RPFU1Dg&e=