
Reading passwords stored in credential store in wildfly using java?

I have a couple of application passwords stored in WildFly 17.x credential stores. How can I programmatically access the stored passwords from the credential store?

This is how the credential store is created and the password is stored in it.

/subsystem=elytron/credential-store=test:add(relative-to=jboss.server.data.dir, location=test.jceks, create=true,credential-reference={clear-text=storepass})

/subsystem=elytron/credential-store=test:add-alias(alias=keystorepw,secret-value=secret)

I created the store with a different extension instead of jceks. Once that was fixed, I was able to read the password from the store. It took a while to figure that out because WildFly did not complain while creating the store, and everything worked fine except reading it programmatically.

First, forgive my writing in English. The best way I know is using this code, with the Maven library version 1.12.1.Final. Other libraries, like the recent Alpha, have errors with this code.

<dependency>
        <groupId>org.wildfly.security</groupId>
        <artifactId>wildfly-elytron</artifactId>
        <version>1.12.1.Final</version>
</dependency>
  

Method

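import java.io.File;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.spec.InvalidKeySpecException;
import java.util.HashMap;
import java.util.Map;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStore.CredentialSourceProtectionParameter;
import org.wildfly.security.credential.store.CredentialStore.ProtectionParameter;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.WildFlyElytronCredentialStoreProvider;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.ClearPassword;

// Providers used below: one for the credential store, one for password handling.
private static final Provider csProvider = new WildFlyElytronCredentialStoreProvider();
private static final Provider elytronProvider = new WildFlyElytronPasswordProvider();

public Password giveMeAPass(String alias) throws NoSuchAlgorithmException, CredentialStoreException, InvalidKeySpecException {
    /*
     * Create a ProtectionParameter for access to the store.
     */
    Password storePassword = ClearPassword.createRaw(
            ClearPassword.ALGORITHM_CLEAR,
            "storepass".toCharArray());

    ProtectionParameter protectionParameter = new CredentialSourceProtectionParameter(
            IdentityCredentials.NONE.withCredential(
                    new PasswordCredential(storePassword)));

    // Register the Elytron password provider with the JVM
    Security.addProvider(elytronProvider);

    CredentialStore credentialStore = CredentialStore.getInstance(
            "KeyStoreCredentialStore", csProvider);
    // Configure and initialise the CredentialStore
    String configPath = System.getProperty("jboss.server.data.dir");
    Map<String, String> configuration = new HashMap<>();

    String path = configPath + File.separator + "test.jceks";
    configuration.put("keyStoreType", "JCEKS");
    configuration.put("location", path);
    configuration.put("modifiable", "false");

    // Initialize the credential store
    credentialStore.initialize(configuration, protectionParameter);

    // Note: retrieve() returns null when the alias is not in the store
    return credentialStore.retrieve(alias, PasswordCredential.class).getPassword();
}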

This method is based on your credential store.

If you are looking for a complete example, have a look at https://github.com/wildfly-security-incubator/elytron-examples/blob/master/credential-store/src/main/java/org/wildfly/security/examples/CredentialStoreExample.java

You can see there that cs (named CREDENTIAL_STORE_PROVIDER there) and elytronProvider (named PASSWORD_PROVIDER there) are created by calling the appropriate constructor:

private static final Provider CREDENTIAL_STORE_PROVIDER = new WildFlyElytronCredentialStoreProvider();
private static final Provider PASSWORD_PROVIDER = new WildFlyElytronPasswordProvider();
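A hardened variant of the method from the answers above, added here as an example and not part of the original posts or the Elytron project: the store password is not hard-coded, a missing store file (for example a location or extension mismatch like the one mentioned earlier) fails with a clear message, and an unknown alias no longer ends in a NullPointerException. The class name StoreReader, the method name readSecret and the environment variable CS_STORE_PASSWORD are hypothetical.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.security.Security;
import java.util.HashMap;
import java.util.Map;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStore.CredentialSourceProtectionParameter;
import org.wildfly.security.credential.store.WildFlyElytronCredentialStoreProvider;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.ClearPassword;

public final class StoreReader { // hypothetical class name
    private static final Provider CS_PROVIDER = new WildFlyElytronCredentialStoreProvider();
    private static final Provider PW_PROVIDER = new WildFlyElytronPasswordProvider();

    public static char[] readSecret(String alias) throws GeneralSecurityException {
        // Assumption: the store password is supplied via the environment (made-up variable name).
        String env = System.getenv("CS_STORE_PASSWORD");
        String dataDir = System.getProperty("jboss.server.data.dir");
        if (env == null || dataDir == null) throw new IllegalStateException("store password or data dir not set");

        // Fail early and explicitly if the store file is not where the code expects it.
        Path store = Paths.get(dataDir, "test.jceks");
        if (!Files.isRegularFile(store)) throw new IllegalStateException("No credential store at " + store);

        Password storePassword = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, env.toCharArray());
        Map<String, String> config = new HashMap<>();
        config.put("keyStoreType", "JCEKS");
        config.put("location", store.toString());
        config.put("modifiable", "false"); // read-only access is enough for lookups

        Security.addProvider(PW_PROVIDER);
        CredentialStore cs = CredentialStore.getInstance("KeyStoreCredentialStore", CS_PROVIDER);
        cs.initialize(config, new CredentialSourceProtectionParameter(
                IdentityCredentials.NONE.withCredential(new PasswordCredential(storePassword))));

        // retrieve() returns null for an alias that is not in the store.
        PasswordCredential credential = cs.retrieve(alias, PasswordCredential.class);
        if (credential == null) throw new IllegalArgumentException("Unknown alias: " + alias);
        Password password = credential.getPassword();
        if (!(password instanceof ClearPassword)) throw new IllegalStateException("Not a clear password: " + alias);
        return ((ClearPassword) password).getPassword();
    }
}
```

The caller should overwrite the returned char[] (for example with Arrays.fill) once the secret has been used.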
