Currently I am using WildFly 9.0.1 server and using the standalone.xml file to set database credentials. I want to fetch database credentials dynamically using a jar. I am using the YAJSW wrapper.
:: Fetch the DB_USER secret from Azure KeyVaultUtil and store it in the variable
for /f "tokens=*" %%a in ('java -cp C://MyJar.jar AzureKeyVaultUtil db-user') do set DB_USER=%%a
:: Fetch the DB_PASSWORD secret from Azure KeyVaultUtil and store it in the variable
for /f "tokens=*" %%a in ('java -cp C://MyJar.jar AzureKeyVaultUtil db-password') do set DB_PASSWORD=%%a
:: Optionally echo the values to verify
echo DB_USER: %DB_USER%
echo DB_PASSWORD: %DB_PASSWORD%
:: Start the YAJSW wrapper with the environment variables set
call java -jar wrapper.jar -c wrapper-wfly-app_Portal.conf
In my standalone.xml file, I have added the following.
<user-name>${env.DB_USER}</user-name>
<password>${env.DB_PASSWORD}</password>
Now, when I run the above script, it replaces actual database credentials in the standalone.xml file, which seems to be a security concern.
I just don't want credentials to be set in the standalone.xml file. Is there any way I can achieve this? Any help will be appreciated.
asked Mar 4 at 13:47 by Viral Thakkar

1 Answer
You should store credentials in the Elytron subsystem's Credential Store mechanism, since it is indeed a good practice to not keep sensitive information in standalone.xml. Review the security guide for more information: https://docs.wildfly.org/35/WildFly_Elytron_Security.html#CredentialStore
Also, WildFly 9 is a very old version and you should upgrade to the latest version. Moreover, in the above script you should remove the logging of the password as that's a security issue.
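Added example, not part of the answer above or of the WildFly documentation: a jboss-cli session that moves the datasource password into an Elytron credential store and references it by alias. It assumes a WildFly release that ships the Elytron subsystem (WildFly 9 does not); the names `dbCredStore`, `dbcreds.cs` and `PortalDS` and the `<...>` values are hypothetical placeholders.

```jboss-cli
# Run inside jboss-cli connected to the running server.
# dbCredStore, dbcreds.cs, PortalDS and the <...> values are placeholders (assumptions).

# 1. Create a credential store file in the server configuration directory.
#    The store's own protection password is still referenced from the configuration,
#    so restrict file permissions on the configuration directory.
/subsystem=elytron/credential-store=dbCredStore:add(path=dbcreds.cs, relative-to=jboss.server.config.dir, credential-reference={clear-text="<STORE_PASSWORD>"}, create=true)

# 2. Store the database password under an alias.
#    Type this command interactively instead of saving it in a script,
#    so the secret is not left behind in a file.
/subsystem=elytron/credential-store=dbCredStore:add-alias(alias=db-password, secret-value="<DB_PASSWORD>")

# 3. Point the datasource at the alias and drop the inline password.
#    password and credential-reference are alternatives, so change both in one batch.
batch
/subsystem=datasources/data-source=PortalDS:undefine-attribute(name=password)
/subsystem=datasources/data-source=PortalDS:write-attribute(name=credential-reference, value={store=dbCredStore, alias=db-password})
run-batch

# 4. Apply the change.
reload
```

After this, the datasource's security element in standalone.xml carries `<credential-reference store="dbCredStore" alias="db-password"/>` in place of `<password>`, and the password itself lives only in the store file.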