Added: synapse/trunk/java/modules/securevault/src/main/java/org/apache/synapse/securevault/tool/CipherTool.java URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/securevault/src/main/java/org/apache/synapse/securevault/tool/CipherTool.java?rev=947673&view=auto ============================================================================== --- synapse/trunk/java/modules/securevault/src/main/java/org/apache/synapse/securevault/tool/CipherTool.java (added) +++ synapse/trunk/java/modules/securevault/src/main/java/org/apache/synapse/securevault/tool/CipherTool.java Mon May 24 15:42:06 2010 @@ -0,0 +1,453 @@ +/* +* Licensed to the Apache Software Foundation (ASF) under one +* or more contributor license agreements. See the NOTICE file +* distributed with this work for additional information +* regarding copyright ownership. The ASF licenses this file +* to you under the Apache License, Version 2.0 (the +* "License"); you may not use this file except in compliance +* with the License. You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, +* software distributed under the License is distributed on an +* * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +* KIND, either express or implied. See the License for the +* specific language governing permissions and limitations +* under the License. +*/ +package org.apache.synapse.securevault.tool; + +import org.apache.commons.cli.*; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.synapse.securevault.*; +import org.apache.synapse.securevault.definition.CipherInformation; +import org.apache.synapse.securevault.definition.IdentityKeyStoreInformation; +import org.apache.synapse.securevault.definition.TrustKeyStoreInformation; +import org.apache.synapse.securevault.keystore.IdentityKeyStoreWrapper; +import org.apache.synapse.securevault.keystore.KeyStoreWrapper; +import org.apache.synapse.securevault.keystore.TrustKeyStoreWrapper; +import org.apache.synapse.securevault.secret.SecretInformation; + +import javax.crypto.spec.SecretKeySpec; +import java.io.*; +import java.security.Key; + +/** + * Tool for encrypting and decrypting. <br> + * <br> + * Arguments and their meanings: + * <ul> + * <li>source Either cipher or plain text as an in-lined form + * <li>sourceFile Source from a file + * <li>passphrase if a simple symmetric encryption using a pass phrase shall be used + * <li>keystore If keys are in a store, it's location + * <li>storepass Password for access keyStore + * <li>keypass To get private key + * <li>alias Alias to identify key owner + * <li>storetype Type of keyStore + * <li>keyfile If key is in a file + * <li>trusted Is KeyStore a trusted store ? . if presents this , consider as a trusted store + * <li>opmode encrypt or decrypt + * <li>algorithm encrypt or decrypt algorithm (default RSA) + * <li>outencode Currently BASE64 or BIGINTEGER16 + * <li>inencode Currently BASE64 or BIGINTEGER16 + * <p/> + * <ul> + */ +public final class CipherTool { + + /* The cipher or plain text as an in-lined */ + private static final String SOURCE_IN_LINED = "source"; + + /* The the source from a file*/ + private static final String SOURCE_FILE = "sourcefile"; + + /* Pass phrase to use for en- or decryption. */ + private static final String PASSPHRASE = "passphrase"; + + /* The argument name for KeyStore location */ + private static final String KEY_STORE = "keystore"; + + /* The KeyStore type*/ + private static final String STORE_TYPE = "storetype"; + + /* The argument name for password to access KeyStore*/ + private static final String STORE_PASS = "storepass"; + + /* The argument name for password for access private key */ + private static final String KEY_PASS = "keypass"; + + /* The alias to identify key owner */ + private static final String ALIAS = "alias"; + + /* If the key is from a file , then it's location*/ + private static final String KEY_FILE = "keyfile"; + + /* The algorithm for encrypting or decrypting */ + private static final String ALGORITHM = "algorithm"; + + /* The operation mode of cihper - encrypt or decrypt */ + private static final String OP_MODE = "opmode"; + + /* The cipher type - asymmetric , symmetric */ + private static final String CIPHER_TYPE = "ciphertype"; + + /* If the target has to be written to a file*/ + private static final String TARGET_FILE = "targetfile"; + + /* If the output of cipher operation need to be encode - only base64*/ + private static final String OUT_TYPE = "outencode"; + + /* If the encode of the input type base64*/ + private static final String IN_TYPE = "inencode"; + + /* Is this keyStore a trusted one */ + private static final String TRUSTED = "trusted"; + + private static Log log = LogFactory.getLog(CipherTool.class); + + private CipherTool() { + } + + public static void main(String[] args) throws Exception { + + // loads the options + Options options = getOptions(); + + // create the command line parser + CommandLineParser parser = new GnuParser(); + + // parse the command line arguments + try { + CommandLine cmd = parser.parse(options, args); + + // Loads the cipher relate information + CipherInformation cipherInformation = getCipherInformation(cmd); + + // Source as an in-lined + String source = getArgument(cmd, SOURCE_IN_LINED, null); + assertEmpty(source, SOURCE_IN_LINED); + + Key key = findKey(cmd, cipherInformation); + + boolean isEncrypt = (cipherInformation.getCipherOperationMode() == + CipherOperationMode.ENCRYPT); + + EncryptionProvider encryptionProvider = null; + DecryptionProvider decryptionProvider = null; + + if (key != null) { + + if (isEncrypt) { + encryptionProvider = CipherFactory.createCipher(cipherInformation, key); + } else { + decryptionProvider = CipherFactory.createCipher(cipherInformation, key); + } + + } else { + + boolean isTrusted = isArgumentPresent(cmd, TRUSTED); + + KeyStoreWrapper keyStoreWrapper; + + if (isTrusted) { + keyStoreWrapper = new TrustKeyStoreWrapper(); + ((TrustKeyStoreWrapper) keyStoreWrapper).init(getTrustKeyStoreInformation(cmd)); + } else { + keyStoreWrapper = new IdentityKeyStoreWrapper(); + //Password for access private key + String keyPass = getArgument(cmd, KEY_PASS, null); + assertEmpty(keyPass, KEY_PASS); + ((IdentityKeyStoreWrapper) keyStoreWrapper).init( + getIdentityKeyStoreInformation(cmd), keyPass); + } + + if (isEncrypt) { + encryptionProvider = CipherFactory.createCipher(cipherInformation, + keyStoreWrapper); + } else { + decryptionProvider = CipherFactory.createCipher(cipherInformation, + keyStoreWrapper); + } + } + + PrintStream out = System.out; + if (isEncrypt) { + out.println("Output : " + new String(encryptionProvider.encrypt(source.getBytes()))); + } else { + out.println("Output : " + new String(decryptionProvider.decrypt(source.getBytes()))); + } + + } catch (ParseException e) { + handleException("Error passing arguments ", e); + } + } + + /** + * Utility method to extract command line arguments + * + * @param cmd Command line which capture all command line arguments + * @param argName Name of the argument to be extracted + * @param defaultValue The default value + * @return value of the argument if there is , o.w null + */ + private static String getArgument(CommandLine cmd, String argName, String defaultValue) { + + if (cmd == null) { + handleException("CommandLine is null"); + } + + if (argName == null || "".equals(argName)) { + if (log.isDebugEnabled()) { + log.debug("Provided argument name is null. Returning null as value"); + } + return defaultValue; + } + + if (cmd.hasOption(argName)) { + return cmd.getOptionValue(argName); + } + return defaultValue; + } + + /** + * Utility method to find boolean argument + * + * @param cmd Command line which capture all command line arguments + * @param argName Name of the argument to be extracted + * @return True if presents + */ + private static boolean isArgumentPresent(CommandLine cmd, String argName) { + if (cmd == null) { + handleException("CommandLine is null"); + } + + if (argName == null || "".equals(argName)) { + if (log.isDebugEnabled()) { + log.debug("Provided argument name is null. Returning null as value"); + } + return false; + } + + return cmd.hasOption(argName); + } + + /** + * Factory method to construct @see CipherInformation from command line options + * + * @param cmd Command line which capture all command line arguments + * @return CipherInformation object + */ + private static CipherInformation getCipherInformation(CommandLine cmd) { + + CipherInformation information = new CipherInformation(); + + information.setAlgorithm(getArgument(cmd, ALGORITHM, CipherInformation.DEFAULT_ALGORITHM)); + + information.setCipherOperationMode(CipherOperationMode.valueOf( + getArgument(cmd, OP_MODE, CipherOperationMode.ENCRYPT.toString()).toUpperCase())); + + String encInType = getArgument(cmd, IN_TYPE, null); + if (encInType != null) { + information.setInType(EncodingType.valueOf(encInType.toUpperCase())); + } + + String encOutType = getArgument(cmd, OUT_TYPE, null); + if (encOutType != null) { + information.setOutType(EncodingType.valueOf(encOutType.toUpperCase())); + } + + information.setType(getArgument(cmd, CIPHER_TYPE, null)); + + return information; + } + + /** + * Factory method to create a @see keyStoreInformation from command line options + * + * @param cmd Command line which capture all command line arguments + * @return KeyStoreInformation object + */ + private static IdentityKeyStoreInformation getIdentityKeyStoreInformation(CommandLine cmd) { + + IdentityKeyStoreInformation information = new IdentityKeyStoreInformation(); + String alias = getArgument(cmd, ALIAS, null); + assertEmpty(alias, ALIAS); + information.setAlias(alias); + String keyStore = getArgument(cmd, KEY_STORE, null); + assertEmpty(keyStore, KEY_STORE); + information.setLocation(keyStore); + information.setStoreType(getArgument(cmd, STORE_TYPE, KeyStoreType.JKS.toString())); + String storePass = getArgument(cmd, STORE_PASS, null); + assertEmpty(storePass, STORE_PASS); + SecretInformation secretInformation = new SecretInformation(); + secretInformation.setAliasSecret(storePass); + information.setKeyStorePasswordProvider(secretInformation); + + return information; + } + + /** + * Factory method to create a @see keyStoreInformation from command line options + * + * @param cmd Command line which capture all command line arguments + * @return KeyStoreInformation object + */ + private static TrustKeyStoreInformation getTrustKeyStoreInformation(CommandLine cmd) { + + TrustKeyStoreInformation information = new TrustKeyStoreInformation(); + information.setAlias(getArgument(cmd, ALIAS, null)); + String keyStore = getArgument(cmd, KEY_STORE, null); + assertEmpty(keyStore, KEY_STORE); + information.setLocation(keyStore); + information.setStoreType(getArgument(cmd, STORE_TYPE, KeyStoreType.JKS.toString())); + String storePass = getArgument(cmd, STORE_PASS, null); + assertEmpty(storePass, STORE_PASS); + SecretInformation secretInformation = new SecretInformation(); + secretInformation.setAliasSecret(storePass); + information.setKeyStorePasswordProvider(secretInformation); + + return information; + } + + /** + * Factory method to create options + * + * @return Options object + */ + private static Options getOptions() { + + Options options = new Options(); + + Option source = new Option(SOURCE_IN_LINED, true, "Plain text in-lined"); + Option sourceFile = new Option(SOURCE_FILE, true, "Plain text from a file"); + + Option passphrase = new Option(PASSPHRASE, true, + "Passphrase to use for symmetric en- or decryption."); + + Option keyStore = new Option(KEY_STORE, true, "Private key entry KeyStore"); + Option storeType = new Option(STORE_TYPE, true, " KeyStore type"); + Option storePassword = new Option(STORE_PASS, true, "Password for keyStore access"); + Option keyPassword = new Option(KEY_PASS, true, "Password for access private key entry"); + Option alias = new Option(ALIAS, true, "Alias name for identify key owner"); + Option trusted = new Option(TRUSTED, false, "Is this KeyStore trusted one"); + + Option keyFile = new Option(KEY_FILE, true, "Private key from a file"); + Option cipherType = new Option(CIPHER_TYPE, true, "Cipher type"); + Option opMode = new Option(OP_MODE, true, "encrypt or decrypt"); + + Option algorithm = new Option(ALGORITHM, true, "Algorithm to be used"); + Option targetFile = new Option(TARGET_FILE, true, "Target file"); + Option outType = new Option(OUT_TYPE, true, "Encode type for output"); + Option intType = new Option(IN_TYPE, true, "Encode type of input source"); + + options.addOption(source); + options.addOption(sourceFile); + + options.addOption(passphrase); + options.addOption(keyStore); + options.addOption(storeType); + options.addOption(storePassword); + options.addOption(keyPassword); + options.addOption(alias); + options.addOption(trusted); + + options.addOption(keyFile); + + options.addOption(algorithm); + options.addOption(cipherType); + options.addOption(opMode); + + options.addOption(targetFile); + options.addOption(outType); + options.addOption(intType); + + return options; + } + + /** + * Factory method to retrieve a previously stored key in a file + * + * @param filePath Path to file + * @return Retrieved key + */ + private static Key getKey(String filePath) { + + if (filePath == null || "".equals(filePath)) { + handleException("File path cannot be empty or null"); + } + + File keyFile = new File(filePath); + if (!keyFile.exists()) { + handleException("File cannot be found in : " + filePath); + } + + ObjectInputStream in = null; + try { + in = new ObjectInputStream(new FileInputStream(keyFile)); + Object object = in.readObject(); + if (object instanceof Key) { + return (Key) object; + } + + } catch (IOException e) { + handleException("Error reading key from given path : " + filePath, e); + } catch (ClassNotFoundException e) { + handleException("Cannot load a key from the file : " + filePath, e); + } finally { + if (in != null) { + try { + in.close(); + } catch (IOException ignored) { + } + } + } + return null; + } + + /** + * Find the key based on the given command line arguments + * + * @param cmd command line arguments + * @param cipherInformation cipher information + * @return an valid <code>Key</code> if found , otherwise + */ + private static Key findKey(CommandLine cmd, CipherInformation cipherInformation) { + // if pass phrase is specified, use simple symmetric en-/decryption + String passPhrase = getArgument(cmd, PASSPHRASE, null); + + Key key = null; + + if (passPhrase != null) { + key = new SecretKeySpec(passPhrase.getBytes(), cipherInformation.getAlgorithm()); + + } else { + // Key information must not contain any password + // If Key need to be loaded from a file + String keyFile = getArgument(cmd, KEY_FILE, null); + + if (keyFile != null) { + key = getKey(keyFile); + } + } + return key; + } + + private static void handleException(String msg, Exception e) { + log.error(msg, e); + throw new SecureVaultException(msg, e); + } + + private static void handleException(String msg) { + log.error(msg); + throw new SecureVaultException(msg); + } + + private static void assertEmpty(String value, String key) { + if (value == null || "".equals(value)) { + handleException("The argument : " + key + " : cannot be null or empty."); + } + } +}
Modified: synapse/trunk/java/pom.xml URL: http://svn.apache.org/viewvc/synapse/trunk/java/pom.xml?rev=947673&r1=947672&r2=947673&view=diff ============================================================================== --- synapse/trunk/java/pom.xml (original) +++ synapse/trunk/java/pom.xml Mon May 24 15:42:06 2010 @@ -234,6 +234,11 @@ <!-- Synapse --> <dependency> <groupId>org.apache.synapse</groupId> + <artifactId>synapse-securevault</artifactId> + <version>${project.version}</version> + </dependency> + <dependency> + <groupId>org.apache.synapse</groupId> <artifactId>synapse-commons</artifactId> <version>${project.version}</version> </dependency> @@ -797,6 +802,7 @@ </repositories> <modules> + <module>modules/securevault</module> <module>modules/commons</module> <module>modules/transports</module> <module>modules/tasks</module> Modified: synapse/trunk/java/repository/conf/synapse.properties URL: http://svn.apache.org/viewvc/synapse/trunk/java/repository/conf/synapse.properties?rev=947673&r1=947672&r2=947673&view=diff ============================================================================== --- synapse/trunk/java/repository/conf/synapse.properties (original) +++ synapse/trunk/java/repository/conf/synapse.properties Mon May 24 15:42:06 2010 @@ -44,33 +44,33 @@ ############################################################################# # The following property specifies a global password provider implementation # which will be used globally if not overridden in specific configurations -# synapse.passwordProvider=<any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler> +# synapse.passwordProvider=<any implementation of org.apache.synapse.securevault.secret.SecretCallbackHandler> #Examples: -#synapse.passwordProvider=org.apache.synapse.commons.security.secret.handler.SecretManagerSecretCallbackHandler -#synapse.passwordProvider=org.apache.synapse.commons.security.secret.handler.JMXSecretCallbackHandler -#synapse.passwordProvider=org.apache.synapse.commons.security.secret.handler.JlineSecretCallbackHandler -#synapse.passwordProvider=org.apache.synapse.commons.security.secret.handler.JBossEncryptionSecretCallbackHandler +#synapse.passwordProvider=org.apache.synapse.securevault.secret.handler.SecretManagerSecretCallbackHandler +#synapse.passwordProvider=org.apache.synapse.securevault.secret.handler.JMXSecretCallbackHandler +#synapse.passwordProvider=org.apache.synapse.securevault.secret.handler.JlineSecretCallbackHandler +#synapse.passwordProvider=org.apache.synapse.securevault.secret.handler.JBossEncryptionSecretCallbackHandler #synapse.protectedTokens= # #secretRepositories=file -#secretRepositories.file.provider=org.apache.synapse.commons.security.secret.repository.FileBaseSecretRepositoryProvider +#secretRepositories.file.provider=org.apache.synapse.securevault.secret.repository.FileBaseSecretRepositoryProvider #secretRepositories.file.location=cipher-text.properties # #keystore.identity.location=lib/identity.jks #keystore.identity.type=JKS #keystore.identity.alias=synapse #keystore.identity.store.password=password -#keystore.identity.store.passwordProvider=<any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler> +#keystore.identity.store.passwordProvider=<any implementation of org.apache.synapse.securevault.secret.SecretCallbackHandler> #keystore.identity.key.password=password -#keystore.identity.key.passwordProvider=<any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler> +#keystore.identity.key.passwordProvider=<any implementation of org.apache.synapse.securevault.secret.SecretCallbackHandler> ##keystore.identity.parameters=enableHostnameVerifier=false;keyStoreCertificateFilePath=/home/esb.cer # #keystore.trust.location=lib/trust.jks #keystore.trust.type=JKS #keystore.trust.alias=synapse #keystore.trust.store.password=password -#keystore.trust.store.passwordProvider=<any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler> +#keystore.trust.store.passwordProvider=<any implementation of org.apache.synapse.securevault.secret.SecretCallbackHandler> # ################################################################################ # DataSources Configuration @@ -86,7 +86,7 @@ #synapse.datasources.lookupds.driverClassName=org.apache.derby.jdbc.ClientDriver #synapse.datasources.lookupds.url=jdbc:derby://localhost:1527/lookupdb;create=false # Optionally you can specify a specific password provider implementation which overrides any globally configured provider -#synapse.datasources.lookupds.passwordProvider=org.apache.synapse.commons.security.secret.handler.JBossEncryptionSecretCallbackHandler +#synapse.datasources.lookupds.passwordProvider=org.apache.synapse.securevault.secret.handler.JBossEncryptionSecretCallbackHandler #synapse.datasources.lookupds.username=synapse # Depending on the password provider used, you may have to use an encrypted password here! #synapse.datasources.lookupds.password=synapse @@ -104,7 +104,7 @@ #synapse.datasources.reportds.driverClassName=org.apache.derby.jdbc.ClientDriver #synapse.datasources.reportds.url=jdbc:derby://localhost:1527/reportdb;create=false # Optionally you can specify a specific password provider implementation which overrides any globally configured provider -#synapse.datasources.reportds.passwordProvider=org.apache.synapse.commons.security.secret.handler.JBossEncryptionSecretCallbackHandler +#synapse.datasources.reportds.passwordProvider=org.apache.synapse.securevault.secret.handler.JBossEncryptionSecretCallbackHandler #synapse.datasources.reportds.username=synapse # Depending on the password provider used, you may have to use an encrypted password here! #synapse.datasources.reportds.password=synapse @@ -122,7 +122,7 @@ synapse.jmx.jndiPort=0 # By default the hostname will be detected, but you can force to use another network interface #synapse.jmx.hostname= # Optionally you can specify a specific secret provider implementation which overrides any globally configured provider -#synapse.jmx.passwordProvider=org.apache.synapse.commons.security.secret.handler.JBossEncryptionSecretCallbackHandler +#synapse.jmx.passwordProvider=org.apache.synapse.securevault.secret.handler.JBossEncryptionSecretCallbackHandler # By default no authentication is required, but you may enforce this by specifying a username and password #synapse.jmx.username=admin # Depending on the secret provider used, you may have to use an encrypted password here! Modified: synapse/trunk/java/src/site/xdoc/Synapse_Samples_Setup.xml URL: http://svn.apache.org/viewvc/synapse/trunk/java/src/site/xdoc/Synapse_Samples_Setup.xml?rev=947673&r1=947672&r2=947673&view=diff ============================================================================== --- synapse/trunk/java/src/site/xdoc/Synapse_Samples_Setup.xml (original) +++ synapse/trunk/java/src/site/xdoc/Synapse_Samples_Setup.xml Mon May 24 15:42:06 2010 @@ -924,34 +924,35 @@ synapse.sh -sample <n></pre> <strong>password provider</strong> for each keystore. This can be done by adding property called - <strong>secretProvider= any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler + <strong>secretProvider= any implementation of + org.apache.synapse.securevault.secret.SecretCallbackHandler </strong> Example <pre> - keystore.identity.store.secretProvider=org.apache.synapse.commons.security.secret.handler.JMXSecretCallbackHandler + keystore.identity.store.secretProvider=org.apache.synapse.securevault.secret.handler.JMXSecretCallbackHandler </pre> </p> <p> The <strong>password provider</strong> should be an implementation of - <strong>org.apache.synapse.commons.security.secret.SecretCallbackHandler</strong>.Synapse ships three + <strong>org.apache.synapse.securevault.secret.SecretCallbackHandler</strong>.Synapse ships three implementations that can be used for this purpose. <ul> <li> - org.apache.synapse.commons.security.secret.handler.JMXSecretCallbackHandler + org.apache.synapse.securevault.secret.handler.JMXSecretCallbackHandler </li> <li> - org.apache.synapse.commons.security.secret.handler.JlineSecretCallbackHandler + org.apache.synapse.securevault.secret.handler.JlineSecretCallbackHandler </li> <li> - org.apache.synapse.commons.security.secret.handler.HardCodedSecretCallbackHandler + org.apache.synapse.securevault.secret.handler.HardCodedSecretCallbackHandler </li> <li> - org.apache.synapse.commons.security.secret.handler.JBossEncryptionSecretCallbackHandler + org.apache.synapse.securevault.secret.handler.JBossEncryptionSecretCallbackHandler </li> </ul> <p> - When use <strong>org.apache.synapse.commons.security.secret.handler.JMXSecretCallbackHandler</strong> + When use <strong>org.apache.synapse.securevault.secret.handler.JMXSecretCallbackHandler</strong> , It is needed to use a JMX Console. Then , using JMX Console need to access the MBean <strong>SecretsProvider</strong> and add passwords for following keys. Therese is method to add secret in @@ -978,7 +979,7 @@ synapse.sh -sample <n></pre> </p> <pre>secretRepositories=file - secretRepositories.file.provider=org.apache.synapse.commons.security.secret.repository.FileBaseSecretRepositoryProvider + secretRepositories.file.provider=org.apache.synapse.securevault.secret.repository.FileBaseSecretRepositoryProvider secretRepositories.file.location=cipher-text.properties </pre> @@ -1070,10 +1071,10 @@ synapse.datasources.reportds.maxWait=100 The <strong>password provider</strong> should be an implementation of - <strong>org.apache.synapse.commons.security.secret.SecretCallbackHandler</strong>. There are few + <strong>org.apache.synapse.securevault.secret.SecretCallbackHandler</strong>. There are few options but it is recommended to use - <strong>org.apache.synapse.commons.security.secret.handler.SecretManagerSecretCallbackHandler</strong> + <strong>org.apache.synapse.securevault.secret.handler.SecretManagerSecretCallbackHandler</strong> in this case (i.e. securing data source password). </p> @@ -1085,7 +1086,7 @@ synapse.datasources.reportds.maxWait=100 </strong> </p> <pre> - synapse.datasources.lookupds.secretProvider=org.apache.synapse.commons.security.secret.handler.SecretManagerSecretCallbackHandler + synapse.datasources.lookupds.secretProvider=org.apache.synapse.securevault.secret.handler.SecretManagerSecretCallbackHandler </pre> </div> <h2>Using CipherTool</h2>
