Encrypting Password for Data Source

To encrypt the password for data source on JBoss WildFly application server, update the standalone.xml file.

1. Add SecureIdentityLoginModule and Security Domain
   1. Go to $JBOSS_HOME/standalone/configuration directory and open the standalone.xml file.
   2. Under <security-domains> element, add the EncryptedPassword security-domain and SecureIdentityLoginModule along with username and password module options. For example,

      <security-domains>
      <security-domain name="EncryptedPassword">
      					<authentication>
      <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
      							<module-option name="username" value="@MDM.DB.USER@"/>
      							<module-option name="password" value="@MDM.DB.PASSWORD.ENTCRYPT@"/>
      <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=dataSource-1-PoolName,dataSource-2-PoolName"/>
      						</login-module>
      					</authentication>
      				</security-domain>
      </security-domains>

   3. Under the <datasources> element, remove the following existing <user-name> and <password> from the <security> element because you have already added <user-name> and <password> as module options in the previous step:

      <datasources>

      <datasource ... >

      .....

        <security>

          <user-name>mdmuser</user-name>

          <password>mdmpassword</password>

        </security>

      </datasource>

      </datasources>

   4. Under the <datasources> element, add the EncryptedPassword security-domain, such as:

      <datasources>

      <datasource ... >

      .....

      <security>

                 <security-domain>EncryptedPassword</security-domain>

      </security>

      </datasource>

      </datasources>

   5. Save the updated standalone.xml file.
2. Encrypt Password
   1. On the command line, type $JBOSS_HOME.
   2. Enter the following command:

      java -cp modules\org\picketbox\main\picketbox-version.final.jar;modules\org\jboss\logging\main\jboss-logging-version.GA.jar org.picketbox.datasource.security.SecureIdentityLoginModule password

      Note: Verify the versions of the picketbox and logging JAR files in the $JBOSS_HOME directory and specify them in the command accordingly.

      The command returns the encrypted password. You can use the returned password in your security domain.