Hello everyone,
I have recently set up Jasypt encryption with my Apache Karaf 4.4.1 instance. I
was able to successfully encrypt and retrieve data in my Blueprint XML files
using the following configuration:

jasypt-encryptor.xml (placed in the deploy folder):

<?xml version="1.0" encoding="UTF-8"?>
<blueprint ...>
  <bean id="standardPBEStringEncryptor"
        class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
    <property name="config">
      <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
        <property name="algorithm" value="PBEWithHmacSHA256AndAES_256"/>
        <property name="password" value="$[jasypt.master.password]"/>
        <property name="ivGenerator">
          <bean class="org.jasypt.iv.RandomIvGenerator"/>
        </property>
      </bean>
    </property>
  </bean>
  <!-- Register the Encryptor Service -->
  <service ref="standardPBEStringEncryptor"
           interface="org.jasypt.encryption.StringEncryptor"/>
  <!-- Property Placeholder Configuration -->
  <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]">
    <ext:location>file:etc/jasypt-mp.properties</ext:location>
  </ext:property-placeholder>
</blueprint>

This setup allows me to decrypt data in my Blueprint XML files:

ldap-module.xml (also in the deploy folder):

<?xml version="1.0" encoding="UTF-8"?>
<blueprint ...>
  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      connection.url = ${connection.url}
      connection.username= ${ldap.user}
      connection.password= ${ldap.password}
    </jaas:module>
  </jaas:config>
  <cm:property-placeholder persistent-id="p_ldap"/>
  <cm:property-placeholder persistent-id="p_stores" placeholder-prefix="$|"
                           placeholder-suffix="|"/>
  <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>
  <jaas:keystore name="ks" path="file:$[karaf.etc]/server/truststore.jks"
                 keystorePassword="$|keystore.password|"/>
  <reference id="encryptorService"
             interface="org.jasypt.encryption.StringEncryptor"/>
  <enc:property-placeholder encryptor-ref="encryptorService"/>
</blueprint>

This configuration allows me to retrieve my encrypted properties correctly
(e.g., ldap.password="ENC(encrypted_password)").
However, I am facing difficulties applying the same ENC(...) method in my
org.ops4j.pax.web.cfg file to decrypt keystore and truststore passwords. It
appears that I haven't specified anywhere that the decryptor should be used for
these configurations. I am experiencing a similar issue with my
org.ops4j.datasource-x.cfg files, which register as datasources in my Apache
Karaf instance.
I've reviewed the Karaf documentation and other resources but haven't found a
clear solution to this problem. Does anyone have experience or insights on how
to resolve this issue? Specifically, how can I configure my setup to use the
Jasypt decryptor for these .cfg files?
Thank you in advance for your help!
Best regards
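
Added example, not part of the original message and not code from Karaf, Pax Web or Jasypt: a standalone Java program that builds an encryptor with the same settings as the standardPBEStringEncryptor bean above and shows that an ENC(...) value is decrypted only when it is read through Jasypt (here via EncryptableProperties), while a plain java.util.Properties read returns the marker unchanged. The class name, the JASYPT_MASTER_PASSWORD environment variable, the property key and the sample secret are assumptions constructed for the example.

```java
import java.io.StringReader;
import java.util.Properties;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.properties.EncryptableProperties;
import org.jasypt.properties.PropertyValueEncryptionUtils;

// Added example; class name, env var, key and secret are constructed for illustration.
public class EncCfgCheck {

    // Mirrors the standardPBEStringEncryptor bean from jasypt-encryptor.xml.
    static StandardPBEStringEncryptor newEncryptor(String masterPassword) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setAlgorithm("PBEWithHmacSHA256AndAES_256");
        enc.setPassword(masterPassword);
        enc.setIvGenerator(new RandomIvGenerator());
        return enc;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the master password comes from the environment, never from source.
        String master = System.getenv("JASYPT_MASTER_PASSWORD");
        if (master == null || master.isEmpty()) {
            throw new IllegalStateException("JASYPT_MASTER_PASSWORD is not set");
        }
        StandardPBEStringEncryptor enc = newEncryptor(master);

        String secret = "constructed-sample-secret";
        // Produces "ENC(<base64>)"; the random IV makes every run's output differ.
        String wrapped = PropertyValueEncryptionUtils.encrypt(secret, enc);
        String cfgText = "sample.keystore.password=" + wrapped + "\n";

        // Plain read: nothing decrypts the value, the consumer sees the marker itself.
        Properties plain = new Properties();
        plain.load(new StringReader(cfgText));
        String raw = plain.getProperty("sample.keystore.password");
        System.out.println("plain read still wrapped: "
                + PropertyValueEncryptionUtils.isEncryptedValue(raw));

        // Read through Jasypt: getProperty() unwraps ENC(...) with the encryptor.
        Properties decrypting = new EncryptableProperties(enc);
        decrypting.load(new StringReader(cfgText));
        System.out.println("decrypting read matches: "
                + secret.equals(decrypting.getProperty("sample.keystore.password")));
    }
}
```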