Hello everyone,

I have recently set up Jasypt encryption with my Apache Karaf 4.4.1 instance. I was able to successfully encrypt and retrieve data in my Blueprint XML files using the following configuration:

jasypt-encryptor.xml (placed in the deploy folder):

    <?xml version="1.0" encoding="UTF-8"?>
    <blueprint ...>
        <bean id="standardPBEStringEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
            <property name="config">
                <bean class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
                    <property name="algorithm" value="PBEWithHmacSHA256AndAES_256"/>
                    <property name="password" value="$[jasypt.master.password]"/>
                    <property name="ivGenerator">
                        <bean class="org.jasypt.iv.RandomIvGenerator"/>
                    </property>
                </bean>
            </property>
        </bean>

        <!-- Register the Encryptor Service -->
        <service ref="standardPBEStringEncryptor" interface="org.jasypt.encryption.StringEncryptor"/>

        <!-- Property Placeholder Configuration -->
        <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]">
            <ext:location>file:etc/jasypt-mp.properties</ext:location>
        </ext:property-placeholder>
    </blueprint>

This setup allows me to decrypt data in my Blueprint XML files:

ldap-module.xml (also in the deploy folder):

    <?xml version="1.0" encoding="UTF-8"?>
    <blueprint ...>
        <jaas:config name="karaf" rank="1">
            <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
                connection.url = ${connection.url}
                connection.username= ${ldap.user}
                connection.password= ${ldap.password}
            </jaas:module>
        </jaas:config>

        <cm:property-placeholder persistent-id="p_ldap"/>
        <cm:property-placeholder persistent-id="p_stores" placeholder-prefix="$|" placeholder-suffix="|"/>
        <ext:property-placeholder placeholder-prefix="$[" placeholder-suffix="]"/>

        <jaas:keystore name="ks" path="file:$[karaf.etc]/server/truststore.jks" keystorePassword="$|keystore.password|"/>

        <reference id="encryptorService" interface="org.jasypt.encryption.StringEncryptor"/>
        <enc:property-placeholder encryptor-ref="encryptorService"/>
    </blueprint>

This configuration allows me to retrieve my encrypted properties correctly (e.g., ldap.password="ENC(encrypted_password)").

However, I am facing difficulties applying the same ENC(...) method in my org.ops4j.pax.web.cfg file to decrypt keystore and truststore passwords. It appears that I haven't specified anywhere that the decryptor should be used for these configurations. I am experiencing a similar issue with my org.ops4j.datasource-x.cfg files, which register as datasources in my Apache Karaf instance.

I've reviewed the Karaf documentation and other resources but haven't found a clear solution to this problem. Does anyone have experience or insights on how to resolve this issue? Specifically, how can I configure my setup to use the Jasypt decryptor for these .cfg files?

Thank you in advance for your help!

Best regards
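
What the ENC(...) convention in the post amounts to at the Jasypt API level, as an added example that is not part of the original post: it builds an encryptor with the post's algorithm and IV generator, wraps a constructed secret, and resolves a properties text so that only ENC(...) values are decrypted. The class name `EncValueDemo`, the `JASYPT_MASTER_PASSWORD` environment variable and the sample keys and values are assumptions; it needs Jasypt 1.9.3 or later on the classpath.

```java
import java.io.StringReader;
import java.util.Properties;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.properties.PropertyValueEncryptionUtils;

public class EncValueDemo {

    // Same settings as the standardPBEStringEncryptor bean in the post.
    static StandardPBEStringEncryptor buildEncryptor(String masterPassword) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setAlgorithm("PBEWithHmacSHA256AndAES_256");
        enc.setPassword(masterPassword);
        enc.setIvGenerator(new RandomIvGenerator());
        return enc;
    }

    // Decrypt only values wrapped as ENC(...); plain values pass through unchanged.
    static Properties resolve(Properties raw, StandardPBEStringEncryptor enc) {
        Properties out = new Properties();
        for (String key : raw.stringPropertyNames()) {
            String value = raw.getProperty(key);
            out.setProperty(key, PropertyValueEncryptionUtils.isEncryptedValue(value)
                    ? PropertyValueEncryptionUtils.decrypt(value, enc)
                    : value);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the master password comes from an environment variable.
        String master = System.getenv("JASYPT_MASTER_PASSWORD");
        if (master == null || master.isEmpty()) {
            throw new IllegalStateException("JASYPT_MASTER_PASSWORD is not set");
        }
        StandardPBEStringEncryptor enc = buildEncryptor(master);

        // Constructed sample secret; encrypt() returns the value wrapped as ENC(...).
        String first = PropertyValueEncryptionUtils.encrypt("example-ldap-secret", enc);
        String second = PropertyValueEncryptionUtils.encrypt("example-ldap-secret", enc);
        // RandomIvGenerator: the same plaintext gives a different ciphertext each time.
        System.out.println("ciphertexts differ: " + !first.equals(second));

        // Constructed properties text with one plain and one encrypted value.
        Properties raw = new Properties();
        raw.load(new StringReader("ldap.user = cn=admin\nldap.password = " + first + "\n"));
        Properties resolved = resolve(raw, enc);
        System.out.println("plain value kept: " + "cn=admin".equals(resolved.getProperty("ldap.user")));
        System.out.println("secret recovered: " + "example-ldap-secret".equals(resolved.getProperty("ldap.password")));
    }
}
```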