Hi, I'm using Apache Rampart 1.1.
I have a question about the crypto properties, specifically the keystore password. It's stored as a plain text property - org.apache.ws.security.crypto.merlin.keystore.password=password org.apache.ws.security.crypto.merlin.file=key.jks Jetty has a facility to obfuscate a password property, and we've used this to store the SSL keystore password in the jetty.xml config file - <Set name="Keystore"> mykey.jks</Set> <Set name="Password">OBF:xxxxxxxxxxxxx</Set> However I don't know if Rampart has a similar feature. We would obviously prefer not to store a plain text password in a file. I would appreciate any comments, or an indication of whether it's supported or not. If this isn't a supported feature, then I think it should be considered, as this is a security flaw. Thanks. Andrew.
