RE: Encrypting property values in .cfg files

Tue, 06 Nov 2018 07:44:46 -0800 

Hi JB,

I'd prefer the ability to use SCR and just supply a StringEncryptor service if 
I could.  I'll use blueprint, tried it actually but didn't get it to work. 
Being able to use SCR would probably be optimal though.

I installed the jasypt-encryption feature and tried it with the encrypted pwd 
wrapped by ENC() in my .cgf file.  I haven't used blueprint in sometime btw.  I 
don't recall having to explicitly install blueprint, is it no longer part of 
boot feature set?  Also, I'm unfamiliar with "property-placeholder".  What's 
the purpose that that over a <service> element?

Thanks, Scott

  <enc:property-placeholder>
    <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
      <property name="config">
        <bean class="org.jasypt.encryption.pbe.config.EnvironmentPBEConfig">
          <property name="algorithm" value="PBEwithMD5andDES"/>
          <property name="password"  value="my-crazy-pwd"/>
<!--
          <property name="passwordEnvName" value="ENCRYPTION_PWD"/>  -->
        </bean>
      </property>
    </enc:encryptor>
  </enc:property-placeholder>


-----Original Message-----
From: Jean-Baptiste Onofré <j...@nanthrax.net> 
Sent: Monday, November 05, 2018 11:02 PM
To: user@karaf.apache.org
Subject: Re: Encrypting property values in .cfg files

Hi Scott,

You want to use it blueprint, SCR or directly ConfigAdmin ?

If you use the {enc:} format, it should work at least with blueprint jasypt 
namespace.

For a generic way, we have a Jira about that. Basically, it would be a 
ConfigListener to do intercepting the {enc:} prefix in property values.
I can work on this one.

Regards
JB

On 05/11/2018 23:25, Leschke, Scott wrote:
> I'm looking to encrypt passwords the are currently in plaintext in a 
> few of my .cfg files.  I've looked at how to do that and it seemed 
> reasonably straightforward although I've had some difficulty getting 
> it working.  I'm wondering if there's anything that prevents me from 
> just supplying a service myself that implements the
> */org.jasypt.encryption.StringEncryptor/* interface rather than using 
> the Karaf jasypt-encryption service.
> 
>  
> 
> I've tried it but that doesn't seem to want to work either so I'm 
> wondering if there's a reason it doesn't.
> 
>  
> 
> Scott
> 
>  
> 
>  
> 

--
Jean-Baptiste Onofré
jbono...@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com

Reply via email to