I want to access a password stored in an Elytron credential store using system properties in JBoss EAP 7.4


This is what a WildFly credential store is: https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.1/html/how_to_configure_server_security/securely_storing_credentials#cred_store_use

I want to access such a credential store, made in JBoss Elytron, using system properties in the standalone-full.xml file as below:

<system-properties>
    <property name="RSA_KEY_TEST" value="give the alias here and then access the credential store password"/>
</system-properties>

I tried passing the tag below inside the value attribute of the system property, but it did not work.

<property name="RSA_KEY_TEST" value="<credential-reference store="credential-store" alias="DBPasswordCredential"/>" /> 

Alberto Casanova On

You can use an Encrypted Expression in JBoss EAP 7.4.4 and above.

Basically, you need to create a secret-key-credential-store:

/subsystem=elytron/secret-key-credential-store=initial:add(relative-to=jboss.server.config.dir, path=initial.cs)

Activate the handler:

/subsystem=elytron/expression=encryption:add(resolvers=[{name=initial-resolver, credential-store=initial, secret-key=key}])

And store the secret:

/subsystem=elytron/expression=encryption:create-expression(resolver=initial-resolver, clear-text=MyPassword)
{
    "outcome" => "success",
    "result" => {"expression" =>"${ENC::initial-resolver:RUxZAUMQEH6CP3xXyAqYzqsC3oNayyeGH32wsdAZ8VLkkxaEmWc=}"}
}

Now you can use it in the system property:

<system-properties>
    <property name="RSA_KEY_TEST" value="${ENC::initial-resolver:RUxZAUMQEH6CP3xXyAqYzqsC3oNayyeGH32wsdAZ8VLkkxaEmWc=}"/>
</system-properties>
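
As an added example (not part of the answer above, and not Red Hat or WildFly code): a Python check that reads a server configuration file and reports which system properties hold an `${ENC::...}` expression tied to a resolver defined in the Elytron subsystem. The `<expression-resolver>`/`<resolver>` element layout and the `default-resolver` attribute are assumed to mirror the CLI resource used in the answer; the sample XML, including the `DB_PASSWORD` and `API_TOKEN` entries, is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed standalone-full.xml; namespace versions and the
# DB_PASSWORD / API_TOKEN entries are illustrative, not from a real server.
SAMPLE = """<server xmlns="urn:jboss:domain:16.0">
  <system-properties>
    <property name="RSA_KEY_TEST" value="${ENC::initial-resolver:RUxZAUMQEH6CP3xXyAqYzqsC3oNayyeGH32wsdAZ8VLkkxaEmWc=}"/>
    <property name="DB_PASSWORD" value="MyPassword"/>
    <property name="API_TOKEN" value="${ENC::missing-resolver:Q09OU1RSVUNURUQ=}"/>
  </system-properties>
  <profile>
    <subsystem xmlns="urn:wildfly:elytron:13.0">
      <expression-resolver>
        <resolver name="initial-resolver" credential-store="initial" secret-key="key"/>
      </expression-resolver>
    </subsystem>
  </profile>
</server>"""

# ${ENC::<resolver>:<base64>} or, with a default resolver, ${ENC::<base64>}
ENC_RE = re.compile(r"^\$\{ENC::(?:([^:}]+):)?([A-Za-z0-9+/=]+)\}$")

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Map each system property name to encrypted / unknown-resolver / not-encrypted."""
    root = ET.fromstring(xml_text)
    resolvers, default = set(), None
    for el in root.iter():
        if local(el.tag) == "expression-resolver":
            default = el.get("default-resolver")
            resolvers |= {r.get("name") for r in el if local(r.tag) == "resolver"}
    findings = {}
    for sp in root.iter():
        if local(sp.tag) != "system-properties":
            continue
        for prop in (p for p in sp if local(p.tag) == "property"):
            m = ENC_RE.match(prop.get("value", ""))
            if not m:
                status = "not-encrypted"     # literal or ordinary ${...}: review manually
            elif (m.group(1) or default) not in resolvers:
                status = "unknown-resolver"  # no such resolver defined in this file
            else:
                status = "encrypted"
            findings[prop.get("name")] = status
    return findings
```

An "encrypted" result only means the value is an expression bound to a defined resolver. The secret key itself still sits in the credential store file (initial.cs in the answer), so that file's permissions need to be checked separately.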