[jboss-jira] [JBoss JIRA] (WFLY-6573) Allow Vault encrypted strings to be updated without a restart

Fri Oct 26 13:46:01 EDT 2018

    [ https://issues.jboss.org/browse/WFLY-6573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13653541#comment-13653541 ] 

Darran Lofthouse commented on WFLY-6573:
----------------------------------------

[~bmaxwell] That is why I think we need to start by identifying resources that make use of credentials from the credential store and prioritise them - automatic service restarts is a complete non-starter as we effectively restart the majority of the app server (including deployments) just by updating a credential.

The approach I think we will need to follow is some form of notification that a credential has been updated, selected services can then choose to respond to that notification in a suitable way.  Each of these services will then require it's own analysis and implementation hence the prioritisation.

As an example if we have pool of functioning JDBC connection we may choose to continue to use them as long as they remain valid, new connections would make use of the new credential.  But this will require specific integration into our JDBC connection handling rather than being a generic top level idea.

> Allow Vault encrypted strings to be updated without a restart
> -------------------------------------------------------------
>
>                 Key: WFLY-6573
>                 URL: https://issues.jboss.org/browse/WFLY-6573
>             Project: WildFly
>          Issue Type: Feature Request
>          Components: Security
>    Affects Versions: 10.0.0.Final
>            Reporter: Brad Maxwell
>            Priority: Major
>
> When a new vault string is created the affected servers in the domain have to be restarted before the encrypted value is applied. This makes it difficult to test a new configuration in CLI.

--
This message was sent by Atlassian Jira
(v7.12.1#712002)