Encrypting Password for Data Source

To encrypt the password for a data source on the JBoss WildFly application server, update the standalone.xml file.

Procedure

  1. Add SecureIdentityLoginModule and Security Domain
    1. Go to $JBOSS_HOME/standalone/configuration directory and open the standalone.xml file.
    2. Under the <security-domains> element, add the EncryptedPassword security-domain with the SecureIdentityLoginModule login module and the username and password module options. For example:
      <security-domains>
        <security-domain name="EncryptedPassword">
          <authentication>
            <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
              <module-option name="username" value="@MDM.DB.USER@"/>
              <module-option name="password" value="@MDM.DB.PASSWORD.ENTCRYPT@"/>
              <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=dataSource-1-PoolName,dataSource-2-PoolName"/>
            </login-module>
          </authentication>
        </security-domain>
      </security-domains>
    3. Under the <datasources> element, remove the existing <user-name> and <password> elements from the <security> element, because you have already supplied the user name and password as module options in the previous step:

      <datasources>
        <datasource ... >
          .....
          <security>
            <user-name>mdmuser</user-name>
            <password>mdmpassword</password>
          </security>
        </datasource>
      </datasources>

    4. Under the <datasources> element, add the EncryptedPassword security-domain to the <security> element of the data source. For example:

      <datasources>
        <datasource ... >
          .....
          <security>
            <security-domain>EncryptedPassword</security-domain>
          </security>
        </datasource>
      </datasources>

    5. Save the updated standalone.xml file.
  2. Encrypt Password
    1. On the command line, go to the $JBOSS_HOME directory.
    2. Enter the following command:
      java -cp modules\org\picketbox\main\picketbox-version.final.jar;modules\org\jboss\logging\main\jboss-logging-version.GA.jar org.picketbox.datasource.security.SecureIdentityLoginModule password
      Note: Verify the versions of the picketbox and logging JAR files in the $JBOSS_HOME directory and specify them in the command accordingly.

      The command returns the encrypted password. Use the returned value as the value of the password module option in the EncryptedPassword security domain.
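
To confirm the standalone.xml edits from step 1, the following added example (not part of the original documentation) reports data sources that still carry inline credentials or that reference a security domain that is missing or does not use SecureIdentityLoginModule. The `audit` and `find` helpers and the embedded sample XML are constructed for illustration; pass the path to your own standalone.xml to check a real file.

```python
import sys
import xml.etree.ElementTree as ET

MODULE = "org.picketbox.datasource.security.SecureIdentityLoginModule"

# Constructed sample: one migrated data source, one still holding cleartext.
SAMPLE = """<server xmlns="urn:example:constructed">
 <datasources>
  <datasource pool-name="migrated"><security>
   <security-domain>EncryptedPassword</security-domain></security></datasource>
  <datasource pool-name="legacy"><security>
   <user-name>mdmuser</user-name><password>mdmpassword</password></security></datasource>
 </datasources>
 <security-domains><security-domain name="EncryptedPassword"><authentication>
  <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required"/>
 </authentication></security-domain></security-domains>
</server>"""

def find(elem, name):
    """Descendants with this local tag name, ignoring the schema-versioned namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def audit(xml_text):
    """Return (pool-name, problem) pairs for data sources that are not fully migrated."""
    root = ET.fromstring(xml_text)
    # Definitions carry a name attribute; references inside <datasource> do not.
    domains = {d.get("name"): MODULE in [m.get("code") for m in find(d, "login-module")]
               for d in find(root, "security-domain") if d.get("name")}
    findings = []
    for ds in find(root, "datasource"):
        pool = ds.get("pool-name", "?")
        for sec in find(ds, "security"):
            if find(sec, "user-name") or find(sec, "password"):
                findings.append((pool, "cleartext credentials in <security>"))
            refs = [r.text.strip() for r in find(sec, "security-domain") if r.text]
            if not refs:
                findings.append((pool, "no <security-domain> reference"))
            for ref in refs:
                if ref not in domains:
                    findings.append((pool, f"security-domain {ref!r} is not defined"))
                elif not domains[ref]:
                    findings.append((pool, f"{ref!r} does not use SecureIdentityLoginModule"))
    return findings

if __name__ == "__main__":
    # Pass the path to standalone.xml, or run without arguments for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for pool, problem in audit(text):
        print(f"{pool}: {problem}")
```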