[keycloak-user] Passwords for keycloak

Matt Evans matthew.evans at oracle.com
Wed Jul 25 20:13:33 EDT 2018 

Hi Dmitry

Thanks for the tips! We've not made much progress with this at present, I was just doing some research to see what would be needed when we get to it.

Thanks

Matt

-----Original Message-----
From: Dmitry Telegin <dt at acutus.pro> 
Sent: Monday, 23 July 2018 10:48 AM
To: Matt Evans <matthew.evans at oracle.com>; keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Passwords for keycloak

Hi Matt,

Seems like you've already figured out everything yourself :)

After you have your CredentialStoreSpi implemented, you should be able to use "--credential-reference={store=my_store, alias=database-pw}"
instead of "--password" while configuring datasource via jboss-cli.sh.

How is it going with the implementation? BTW is it HashiCorp Vault you're trying to integrate with?

Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training

Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro

On Wed, 2018-07-18 at 22:08 -0700, Matt Evans wrote:
> Doing a bit of further googling about jboss/wildfly, should I be 
> looking at implementing the CredentialStoreSpi as detailed in section
> 4.1.8 of this article?
> 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__access.redhat.com
> _documentation_en-2Dus_red-5Fhat-5Fjboss-5Fenterpris&d=DwIDaQ&c=RoP1Yu
> mCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=8v1OAq8sCvoGRIPd-IGvCVHI6L8Cwv
> p2ANtoqmsCBYY&m=xrJPoY_3pjZV5osGylcZa3VJ6mcLcSoTgszLWv82ujA&s=XF6WgHx2
> TWAM7mAIeUHu0Qodcg_up3UCYdRnSQn5-cM&e=
> e_application_platform/7.1/html/how_to_configure_server_security/secu
> rely_storing_credentials
> 
> Could I then use that credential store to configure the data source?
> 
> Thanks
> 
> Matt
> 
> -----Original Message-----
> From: Matt Evans
> Sent: Thursday, 19 July 2018 2:42 PM
> To: keycloak-user at lists.jboss.org
> Subject: [keycloak-user] Passwords for keycloak
> 
> Is it possible to extend keycloak to read its settings, specifically 
> passwords, from a secure configuration store? For example, how would I 
> go about having keycloak read the password for the database connection 
> from a secure store, so it's not stored in the config files on the 
> machine, or passed as command line parameters?
> 
>  
> 
> Thanks
> 
>  
> 
> Matt
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_
> mailman_listinfo_keycloak-
> 2Duser&d=DwICAg&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7qIrMUB65eapI_JnE&r=8v1OA
> q8sCvoGRIPd-
> IGvCVHI6L8Cwvp2ANtoqmsCBYY&m=gHuodr78XcGcZlTriPKgtawh7WUFIrGFf3RLC2eQ
> aBs&s=me9vViYHTZl_8XeCzceLxIAAY8M7Jq0VIjmPU4NEEuc&e=
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_m
> ailman_listinfo_keycloak-2Duser&d=DwIDaQ&c=RoP1YumCXCgaWHvlZYR8PZh8Bv7
> qIrMUB65eapI_JnE&r=8v1OAq8sCvoGRIPd-IGvCVHI6L8Cwvp2ANtoqmsCBYY&m=xrJPo
> Y_3pjZV5osGylcZa3VJ6mcLcSoTgszLWv82ujA&s=RnCzxTN6WK36Ufj0lLZSr2EuWH7Kd
> Zh83P--RPFU1Dg&e=

More information about the keycloak-user mailing list