Secure Vault Tool

WSO2 G-Reg 5.0.0 onwards a UI component has been shipped to secure all the in-line passwords configured in G-Reg RXT configuration. This guide describes how security component can be configured for use effectively.

How it Works?

Since the Security implementation has been based on the WSO2 Carbon Secure Vault API, it's required that the user need to run pre Cipher tool configuration script to setup the secure vault environment

• Carbon Server's primary keystore is used for encrypting and decrypting passwords, which can be found in PRODUCT_HOME/repository/resources/security folder.
• Secret-conf.properties (this file keeping the all the required pre-configuration that will be read during the password encryption decryption operation)

e.g secret-conf.properties

keystore.identity.location=GREG_HOME/repository/resources/security/wso2carbon.jks

keystore.identity.type=JKS

keystore.identity.store.password=identity.store.password

keystore.identity.store.secretProvider=com.sample.password.callback.handler.HardCodedSecretCallbackHandler

secretRepositories.file.provider=org.wso2.securevault.secret.repository.FileBaseSecretRepositoryProvider

secretRepositories.file.location=repository/conf/security/cipher-text.properties

secretRepositories=file

keystore.identity.key.password=identity.key.password

carbon.secretProvider=org.wso2.securevault.secret.handler.SecretManagerSecretCallbackHandler

keystore.identity.key.secretProvider=com.sample.password.callback.handler.HardCodedSecretCallbackHandler

keystore.identity.alias=wso2carbon

Figure 1: Secure Vault password management tool list view

Sample

<twitter.config>

<consumerSecret>xx</oauth.consumerSecret>

<accessTokenSecret>{wso2:vault-lookup('xx')}</accessTokenSecret>

<accessToken>{wso2:vault-lookup('xx')}</accessToken>

<consumerKey>{wso2:vault-lookup('xx')}</consumerKey>