[jboss-jira] [JBoss JIRA] (AS7-6340) Vault usage in a master-slave setup in AS7/EAP6
Roland Räz (JIRA)
jira-events at lists.jboss.org
Wed Jan 16 03:05:22 EST 2013
[ https://issues.jboss.org/browse/AS7-6340?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12746064#comment-12746064 ]
Roland Räz commented on AS7-6340:
---------------------------------
In the JBoss domain mode, dmr exposed credential management should be provided. The management of the credentials would be on domain instead of host level. The management (add, change, remove) of credentials should be possible while the domain and the servers are running.
JBoss could use internally a single vault per domain. One possibility would be that JBoss distributes on each update the vault to all hosts. Another approach would be to rewrite the implementation to use the domain configuration file (used as a replacement for Shared.dat & ENC.dat) files) as backend and expect the same keystore (for the encryption key) on all hosts.
> Vault usage in a master-slave setup in AS7/EAP6
> -----------------------------------------------
>
> Key: AS7-6340
> URL: https://issues.jboss.org/browse/AS7-6340
> Project: Application Server 7
> Issue Type: Feature Request
> Components: Security
> Affects Versions: 7.1.3.Final (EAP)
> Reporter: Hisanobu Okuda
> Assignee: Anil Saldhana
>
> In domain mode, you need to copy over the vault files(keystore, Shared.dat, ENC.dat) to each machine within the domain. This is a very bad solution when your security policy requires password updates frequently.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list