I would like to get rid of the plaintext passwords in a number of my .cfg
files. I'm looking at the docs to figure out how to do it and see the
following blueprint.
I've installed the jasypt feature already but I have a few questions regarding
this file.
1. Is there a Jasypt Component that can be configured using a property
file or is blueprint required?
2. Is there a mechanism in CA to specify that a string replacement be
done using an environment variable or JVM property (will ${ENV_VAR} work)?
3. I'm a bit confused by the part I highlighted. What's the purpose of
that? It's not necessary to specify the .cfg files that will have encrypted
properties explicitly, is it?
I don't need the .cfg file to be called out there to use ENC(encrypted_value),
do I?
4. Does the Jasypt feature provide a mechanism by which a string can be
entered and the encrypted form returned? I didn't see a command. If not, is
there a web page that provides that or some other mechanism other than writing
some Java code to tell you what the encrypted form of a string is using the
specified password?
Thanks, Scott
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.1.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"
           xmlns:enc="http://karaf.apache.org/xmlns/jasypt/v1.0.0">

  <!-- Configuration via ConfigAdmin property-placeholder -->
  <!-- the etc/*.cfg can contain encrypted values with ENC() function -->
  <cm:property-placeholder persistent-id="db" update-strategy="reload">
    <cm:default-properties>
      <cm:property name="encoded" value="ENC(${foo})"/>
    </cm:default-properties>
  </cm:property-placeholder>

  <!-- Configuration via properties file -->
  <!-- Instead of ConfigAdmin, we can load "regular" properties file from a location -->
  <!-- Again, the db.properties file can contain encrypted values with ENC() function -->
  <ext:property-placeholder>
    <ext:location>file:etc/db.properties</ext:location>
  </ext:property-placeholder>

  <enc:property-placeholder>
    <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
      <property name="config">
        <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
          <property name="algorithm" value="PBEWithMD5AndDES"/>
          <property name="passwordEnvName" value="ENCRYPTION_PASSWORD"/>
        </bean>
      </property>
    </enc:encryptor>
  </enc:property-placeholder>

  <!-- ... -->
</blueprint>
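
For question 4, an added example (not part of the original post, and not Karaf's own code): a small Java program that builds the same encryptor the blueprint declares and prints the ENC(...) value to paste into a .cfg file. The class name EncValue is an assumption, and the program needs the Jasypt jar on the classpath.

```java
import java.io.Console;
import java.util.Arrays;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;

// EncValue is a hypothetical helper name, not something shipped with Karaf or Jasypt.
public class EncValue {

    // Mirrors the <enc:encryptor> bean: same class, algorithm and password source.
    // The values written to the .cfg file only decrypt if these match the blueprint.
    static StandardPBEStringEncryptor encryptorFromEnv() {
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        config.setAlgorithm("PBEWithMD5AndDES");
        config.setPasswordEnvName("ENCRYPTION_PASSWORD");
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        encryptor.setConfig(config);
        return encryptor;
    }

    public static void main(String[] args) {
        if (System.getenv("ENCRYPTION_PASSWORD") == null) {
            System.err.println("ENCRYPTION_PASSWORD is not set");
            System.exit(1);
        }
        // Read the secret from the terminal so it stays out of shell history
        // and the process argument list.
        Console console = System.console();
        if (console == null) {
            System.err.println("Run from an interactive terminal");
            System.exit(1);
        }
        char[] secret = console.readPassword("Value to encrypt: ");
        if (secret == null || secret.length == 0) {
            System.err.println("No value entered");
            System.exit(1);
        }
        String plain = new String(secret);
        StandardPBEStringEncryptor encryptor = encryptorFromEnv();
        String cipherText = encryptor.encrypt(plain);
        // Round-trip check before the value is written to any configuration file.
        if (!plain.equals(encryptor.decrypt(cipherText))) {
            throw new IllegalStateException("round trip failed");
        }
        Arrays.fill(secret, '\0');
        System.out.println("ENC(" + cipherText + ")");
    }
}
```

Jasypt salts each encryption randomly by default, so repeated runs print different ENC(...) strings for the same input; each of them decrypts with the same password.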