0

I have a spring application running on Jboss. I have passwords that I dont want to store in the DB. Those passwords are used inside the application code e.g. Email account password to send emails via Java mail API.

I would like to store the passwords in the JBoss Vault. https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.2/html/how_to_configure_server_security/securely_storing_credentials#password_vault

My question is does this tool have a java API? Can I store and retrive the password inside my application code?

I know that I can call the vault.bat from my java code, but I was checking for a better idea.

Rasha Elsayed
  • 660
  • 1
  • 7
  • 22

1 Answers1

0

The Vault mechanism

Hello, so you can use the Vault to encrypt the data that are appear on the configuration files of JBoss. You can use for example to encrypt the DB password that you use on the standalone.xml configuration. It is not an API perse.

Application Encryption

That vault mechanism is not appropriate to encrypt application side data, you will need to do this you can follow the answer provided by Johannes Brodwall seems very complete and the complementary answer by user1007231 will help you with the Master password.

Credential Store

As the Guide Suggests on 3.1 Credential Store, it is recommended to use a Credential Store.

Francisco Melo junior
  • 338
  • 2
  • 10
  • Thanks for your answer. You are right that Vault is not meant to encrypt application data. The link you provided uses symmetric cryptography. That means encryption and decryption using one secret key. This can be ok, but then one should store the secret key somewhere (value returned from createSecretKey) or at least the parameters used to get it (password, salt). A better approach may be using the Asymmetric encryption using public/private key. Here is a link https://www.mkyong.com/java/java-asymmetric-cryptography-example/ – Rasha Elsayed Oct 22 '19 at 08:33
  • Thanks for the compliment and the complement as well. I will edit here. – Francisco Melo junior Oct 22 '19 at 14:39