Hi, Yes, provided you are using Karaf 4.1.x, which in turn uses the pax.web 6.0.x.
Basically we use jasypt to encrypt the sensitive string, hence introduce several more properties for pax web pid, such as enc.masterpassword, enc.algorithm, enc.enabled, enc.prefix, enc.suffix. Moreover, you can configure the masterpassword for the jasypt encryptor with env variable or system property, other configuration for decryptor all have default values. Please take a look at PAXWEB-1021[1] to get more details. [1]https://ops4j1.jira.com/browse/PAXWEB-1021 <https://ops4j1.jira.com/browse/PAXWEB-1021> Cheers ------------- Freeman(Yue) Fang Red Hat, Inc. FuseSource is now part of Red Hat > On May 19, 2017, at 9:02 PM, ashonline <[email protected]> wrote: > > Hi, > > I'm in the process of configuring karaf to use SSL communication and have > therefore provided the password to the keystore in the org.ops4j.pax.web.cfg > file: > > org.ops4j.pax.web.ssl.keypassword=mypwd > > I can't however find anything in the documentation that tells me how to > encrypt the password, for example by surrounding the password digest with > {CRYPT} markers. > > Please advise whether or not this encryption capability exists or, if not, > what we can do as a workaround? It won't be acceptable for our clients to > have to type in their password in plain text for their keystore that they > will provide to our karaf based framework. > > > > -- > View this message in context: > http://karaf.922171.n3.nabble.com/Encrypted-keystore-password-tp4050396.html > Sent from the Karaf - User mailing list archive at Nabble.com.
