Encrypting the SSL password in the standalone.xml file
When you upgrade to Service Pack 8 for BRPM version 5.0, the BRPM vault is configured by default. To view the vault configuration, navigate to the standalone-full*.xml files by using the path <RPM_HOME>/server/jboss/standalone/configuration/.
You can store the SSL password in this BRPM vault. The configuration file, namely standalone-full.xml or standalone-full-ha.xml (for cluster mode), must then use the vault reference variable in place of the cleartext password.
Starting from Service Pack 8, BRPM supports the rpm_cred_store.sh utility. With this utility, you can perform the following operations:
add_ks_cred_ref (Adding Key-Store Credential Reference)
This operation adds multiple keystore attributes at a time. The inputs for the following procedure are the attribute names and cleartext SSL password:
- Go to <RPMhome>\bin.
- Trigger the ./rpm_cred_store.sh utility. The list of available operations is displayed.
- Run the command ./rpm_cred_store.sh add_ks_cred_ref to add multiple attributes.
In the configuration file, the cleartext credential reference is automatically replaced by the encrypted value for the attribute in the keystore.
- Restart the BRPM service.
add_km_cred_ref (Adding Key-Manager Credential Reference)
This operation adds multiple key manager attributes at a time. The inputs for the following procedure are the attribute names and cleartext SSL password:
- Go to <RPMhome>\bin.
- Trigger the ./rpm_cred_store.sh utility. The list of available operations is displayed.
- Run the command ./rpm_cred_store.sh add_km_cred_ref to add multiple attributes.
In the configuration file, the cleartext credential reference is automatically replaced by the encrypted value for the attribute of the key manager.
- Restart the BRPM service.
add_alias (Storing a password)
This operation stores the cleartext password in the BRPM vault. The inputs for the following procedure are the attribute name and the cleartext SSL password:
- Go to <RPMhome>\bin.
- Trigger the ./rpm_cred_store.sh utility. The list of available operations is displayed.
- Run the following command to add the attribute name you want to encrypt: ./rpm_cred_store.sh add_alias.
- Enter the attribute name and the value to be encrypted.
In the configuration file, locate the <credential-reference clear-text="password"/> element and replace it with <credential-reference store="rpmCredStore" alias="keypass"/>.
- Restart the BRPM service.
read_aliases (Checking a password)
This operation verifies if an attribute already exists. The input for the following procedure is the attribute name:
- Go to <RPMhome>\bin.
- Trigger the ./rpm_cred_store.sh utility. The list of available operations is displayed.
- Run the following command to generate the list of all available attributes: ./rpm_cred_store.sh read_aliases.
- Restart the BRPM service.
remove_alias (Removing a password)
This operation deletes an attribute. The input for the following procedure is the attribute name:
- Go to <RPMhome>\bin.
- Trigger the ./rpm_cred_store.sh utility. The list of available operations is displayed.
- Run the following command to delete a specific attribute: ./rpm_cred_store.sh remove_alias.
- Enter the name of the attribute that you want to delete.
- Delete the cleartext password in the configuration block of the subsystem. The reference syntax for replacing the password is store="rpmCredStore" alias="keypass".
- Restart the BRPM service.
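The add_alias and remove_alias procedures both rely on a manual edit of the configuration file, so it is worth confirming afterwards that no clear-text credential reference remains. The following check is an added example, not part of the BRPM product or its documentation; the sample XML, its namespaces and the names rpmKeyStore and rpmKeyManager are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real BRPM configuration: one migrated reference,
# one leftover cleartext password.
SAMPLE = """<server xmlns="urn:jboss:domain:example">
  <profile>
    <subsystem xmlns="urn:wildfly:elytron:example">
      <key-stores>
        <key-store name="rpmKeyStore">
          <credential-reference store="rpmCredStore" alias="keypass"/>
        </key-store>
      </key-stores>
      <key-managers>
        <key-manager name="rpmKeyManager" key-store="rpmKeyStore">
          <credential-reference clear-text="password"/>
        </key-manager>
      </key-managers>
    </subsystem>
  </profile>
</server>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def audit_credential_references(xml_text, store="rpmCredStore"):
    """Return (parent element, parent name, problem) for every credential-reference
    that is not a store/alias reference into the expected credential store."""
    findings = []
    root = ET.fromstring(xml_text)
    for parent in root.iter():
        for child in parent:
            if local(child.tag) != "credential-reference":
                continue
            owner = (local(parent.tag), parent.get("name", "?"))
            if "clear-text" in child.attrib:
                # Never echo the password itself into the report.
                findings.append(owner + ("clear-text password present",))
            elif child.get("store") != store or not child.get("alias"):
                findings.append(owner + ("not a %s alias reference" % store,))
    return findings


if __name__ == "__main__":
    for tag, name, problem in audit_credential_references(SAMPLE):
        print("%s[%s]: %s" % (tag, name, problem))
```

To audit a real file, pass the contents of standalone-full.xml or standalone-full-ha.xml to audit_credential_references; an empty result means every credential reference points at an alias in rpmCredStore.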