Skip to Content

Encrypting the SSL password in standalone.xml files

When you upgrade to Service Pack 6 for BRPM version 5.0, the BRPM vault is configured by default. To view the vault configuration, navigate to the standalone-full*.xml files by using the path <RPM_HOME>/server/jboss/standalone/configuration/ .

<vault>
<vault-option name="KEYSTORE_URL" value="${jboss.server.config.dir}/vault/vault.keystore"/>
<vault-option name="KEYSTORE_PASSWORD" value="******"/>
<vault-option name="KEYSTORE_ALIAS" value="Vault"/>
<vault-option name="SALT" value="BmC$4V@t"/>
<vault-option name="ITERATION_COUNT" value="95"/>
<vault-option name="ENC_FILE_DIR" value="${jboss.server.config.dir}/vault/"/>
</vault>

You can store the cleartext SSL password in this BRPM vault, and you must use its reference variable in the following configuration files:

Configuration

Deployment

File

HTTP

Non-high-availability

standalone-full.xml

High-availability

standalone-full-ha.xml

HTTPS

Non-high-availability

standalone-full-https.xml

High-availability

standalone-full-ha-https.xml

The BRPM supports the vault.sh utility. In this utility, you can perform the following operations:

Operation

Description

Inputs

`Procedure

Add

Operation to store the cleartext password in the BRPM vault

  1. Attribute name
  2. Cleartext SSL password
To store the SSL password

To store the SSL password in the  BRPM vault, do the following:

  1. Stop the BRPM service.
  2. Go to <RPMhome>\bin

  3. Set the environment by using setenv.sh.

    Information
    Example
    [root@h[root@host1 bin]# . /opt/bmc/RLM/bin/setenv.sh
  4. Trigger the ./rpm_vault.sh utility.
  5. Run the command ./rpm_vault.sh add .image2022-1-11_18-45-22.png
  6. Enter the variable name and the value to be encrypted.
  7. Replace the cleartext password in the four standalone.xml files with the vault attribute, highlighted in the preceding figure. The replaced file is as follows:image2021-12-15_15-11-29.png
  8. Start the BRPM service.
Warning

Important

For Windows users, do the following:

  1. Go to C:\Program Files\BMC Software\RLM\bin>.
  2. Set the environment by using setenv.bat.
  3. Trigger the ./rpm_vault.bat utility.
  4. Run the command: ./rpm_vault.bat add . Go to Step 6.

Check

Operation to validate if an attribute already exists

Attribute name

To check an attribute
  1. Stop the BRPM service.
  2. Go to <RPMhome>\bin.

  3. Set the environment by using setenv.sh

    Information
    Example
    [root@h[root@host1 bin]# . /opt/bmc/RLM/bin/setenv.sh
  4. Trigger the ./rpm_vault.sh utility.
  5. Run the command ./rpm_vault.sh check.  image2022-1-3_17-21-30.png
  6. Start the BRPM service.
Warning

Important

For Windows users, do the following:

  1. Go to C:\Program Files\BMC Software\RLM\bin>.
  2. Set the environment by using setenv.bat.
  3. Trigger the ./rpm_vault.bat utility.
  4. Run the command: ./rpm_vault.sh check
  5. Start the BRPM service.

Remove

Operation to delete an attribute

Attribute name

To remove an attribute
  1. Stop the BRPM service.
  2. Go to <RPMhome>\bin.

  3. Set the environment by using setenv.sh

    Information
    Example
    [root@h[root@host1 bin]# . /opt/bmc/RLM/bin/setenv.sh
  4. Trigger the ./rpm_vault.sh utility.
  5. Run the command ./rpm_vault.sh removeimage2022-1-3_17-16-50.png
  6. Start the BRPM service.
Warning

Important

For Windows users, do the following:

  1. Go to C:\Program Files\BMC Software\RLM\bin>.
  2. Set the environment by using setenv.bat.
  3. Trigger the ./rpm_vault.bat utility.
  4. Run the command ./rpm_vault.sh remove
  5. Start the BRPM service.


Related topic

Administering

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC Release Process Management 5.0.07