Wednesday, May 11, 2016

Configure "Secure Vault" to secure plain text passwords in WSO2 config files

If we take a WSO2 product, there are so many config files which contains plain text passwords. This blog post explains how we can secure those passwords.

Let's take WSO2 DAS . analytics-datasource.xml file and secure the password in following configuration.


Step 1:
Go to <WSO2_DAS>/repository/conf/security and add the following line to the cipher-tool.properties file

Create alias with file path, xpath to the element and boolean value true.

Step 2:
Add the following line to the cipher-text.properties file.

You have to provide the alias with the plain text password

Step 3:
Go to <WSO2_DAS>/bin and execute ./ciphertool.sh -Dconfigure

This will,
- Encrypt the password defined in cipher-text.properties file
- Configure the analytics-datasauces.xml as follows

Step 4: Restart the server.

How to change a password

Configure cipher-text.properties file with the password you want to change.  You need to remove the encrypted value and replace it with plain text password with  [ ] square brackets.
Execute the ./ciphertool.sh -Dconfigure
Start the server.

No comments: