
How can we use secure vault in wso2esb

I am using wso2esb4.8.0. How would I approach password hiding with the secure vault option? I am unable to find proper docs. What is the connection between wso2carbon server and wso2esb? If I wish to use secure vault in wso2esb, do I need to install wso2carbon server also, or can we use it directly? I made the below changes in

/repository/conf/security/secret-config.properties

I have made the below changes in this file, but it is no use

#
#keystore.identity.location=/home/youtility2/Desktop/ESB/wso2/wso2esb-4.8.0/repository/resources/security/wso2carbon.jks 
#keystore.identity.type=JKS
#keystore.identity.alias=wso2carbon
#keystore.identity.store.password=identity.store.password
#keystore.identity.store.secretProvider=com.sample.password.callback.handler.HardCodedSecretCallbackHandler
#secretRepositories.file.provider=org.wso2.securevault.secret.repository.FileBaseSecretRepositoryProvider

#secretRepositories.file.location=repository/conf/security/cipher-text.properties

#secretRepositories=file

#keystore.identity.key.password=identity.key.password

#carbon.secretProvider=org.wso2.securevault.secret.handler.SecretManagerSecretCallbackHandler

#keystore.identity.key.secretProvider=com.sample.password.callback.handler.HardCodedSecretCallbackHandler

#keystore.identity.alias=wso2carbon

#keystore.identity.key.password=wso2carbon
##keystore.identity.key.secretProvider=<any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler>
##keystore.identity.parameters=enableHostnameVerifier=false;keyStoreCertificateFilePath=/home/esb.cer
#
#keystore.trust.location=repository/resources/security/client-truststore.jks
#keystore.trust.type=JKS
#keystore.trust.alias=wso2carbon
#keystore.trust.store.password=wso2carbon
##keystore.trust.store.secretProvider=<any implementation of org.apache.synapse.commons.security.secret.SecretCallbackHandler>
#

and restarted the ESB, but I am unable to use secure vault

vault key="my.pwd.login"
pwd="****"
repeat="****"

I am getting errors from the console like this

ERROR - CipherInitializer No secret repositories have been configured
[2014-02-05 14:50:50,547] ERROR - CipherInitializer Either Configuration properties can not be loaded or No secret repositories have been configured please check PRODUCT_HOME/repository/conf/security  refer links related to configure WSO2 Secure vault
[2014-02-05 14:50:50,547] ERROR - MediationSecurityAdminService Either Configuration properties can not be loaded or No secret repositories have been configured please check PRODUCT_HOME/repository/conf/security  refer links related to configure WSO2 Secure vault
[2014-02-05 14:50:50,548] ERROR - MediationSecurityAdminService Failed to load security key store information ,Configure secret-conf.properties properly by referring to http://docs.wso2.org/display/Carbon402/WSO2+Carbon+Secure+Vault
org.apache.axis2.AxisFault: Failed to load security key store information ,Configure secret-conf.properties properly by referring to http://docs.wso2.org/display/Carbon402/WSO2+Carbon+Secure+Vault
    at org.wso2.carbon.mediation.security.vault.MediationSecurityAdminService.handleException(MediationSecurityAdminService.java:83)
    at org.wso2.carbon.mediation.security.vault.MediationSecurityAdminService.doEncrypt(MediationSecurityAdminService.java:54)


Thanks in Advance, faisal.

WSO2 products like ESB and API Manager are built on top of the WSO2 Carbon framework. So, we can refer to ESB, APIM etc. as carbon-based servers. So, please follow the configuration steps provided in the carbon docs page on secure vault in the ESB. I think the guide is pretty descriptive.

Please note that lines that begin with the symbol '#' are comments. So, you should remove the '#' symbol from your /repository/conf/security/secret-conf.properties file appropriately.

You can use secure vault to secure the pre-defined passwords of the configuration files that can be found in the /repository/conf directory (axis2.xml, master-datasource.xml, user-mgt.xml and so on). First, I guess you need to identify the password that you want to secure. Then please configure your actual password in the cipher-text.properties file with respect to the alias. You can run the ciphertool.sh script to do the other configuration in an automated manner. Please refer to this for more details. Please note that, with the default implementation, passwords are encrypted using the wso2carbon.jks file.
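The first answer's point about '#' can be checked mechanically. The following is an added example, not part of the original question or answers: it reports which keys of a secret-config.properties file are active and which exist only behind '#'. The names `EXPECTED`, `parse`, `audit` and `uncomment` are hypothetical, and the choice of keys to require is an assumption based on the file shown in the question.

```python
import re

# Keys taken from the file in the question. Treating exactly these as the
# ones that must be active is an assumption of this example.
EXPECTED = [
    "secretRepositories", "secretRepositories.file.provider",
    "secretRepositories.file.location", "keystore.identity.location",
    "keystore.identity.type", "keystore.identity.alias",
    "keystore.identity.store.password", "keystore.identity.key.password",
]
# Constructed sample: a shortened copy of the lines posted in the question.
SAMPLE = """\
#keystore.identity.location=/home/youtility2/Desktop/ESB/wso2/wso2esb-4.8.0/repository/resources/security/wso2carbon.jks
#keystore.identity.type=JKS
#keystore.identity.alias=wso2carbon
#keystore.identity.store.password=identity.store.password
#secretRepositories.file.provider=org.wso2.securevault.secret.repository.FileBaseSecretRepositoryProvider
#secretRepositories.file.location=repository/conf/security/cipher-text.properties
#secretRepositories=file
#keystore.identity.key.password=identity.key.password
#keystore.identity.key.password=wso2carbon
##keystore.identity.parameters=enableHostnameVerifier=false;keyStoreCertificateFilePath=/home/esb.cer
"""
LINE = re.compile(r"^\s*(#*)\s*([A-Za-z][\w.]*)\s*[=:]\s*(.*?)\s*$")

def parse(text):
    """Split key=value lines into active ones and ones hidden behind '#'."""
    active, commented = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            hashes, key, value = m.groups()
            (commented if hashes else active).setdefault(key, []).append(value)
    return active, commented

def audit(text):
    active, commented = parse(text)
    return {
        "commented_only": [k for k in EXPECTED if k not in active and k in commented],
        "absent": [k for k in EXPECTED if k not in active and k not in commented],
        # java.util.Properties keeps the last value, so conflicting duplicates matter.
        "duplicates": sorted(k for k, v in active.items() if len(set(v)) > 1),
    }

def uncomment(text):
    """Strip the '#' from single-'#' property lines; '##' notes stay comments."""
    return "".join(
        (raw.lstrip()[1:] if (m := LINE.match(raw)) and m.group(1) == "#" else raw) + "\n"
        for raw in text.splitlines())
```

`audit(SAMPLE)` lists all eight keys under `commented_only`, which matches the "No secret repositories have been configured" error in the question. `audit(uncomment(SAMPLE))` clears that list but reports `keystore.identity.key.password` as a duplicate with two different values, so removing every '#' blindly still leaves a line to resolve by hand.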
