Hi JB, I'd prefer the ability to use SCR and just supply a StringEncryptor service if I could. I'll use blueprint, tried it actually but didn't get it to work. Being able to use SCR would probably be optimal though.
I installed the jasypt-encryption feature and tried it with the encrypted pwd wrapped by ENC() in my .cgf file. I haven't used blueprint in sometime btw. I don't recall having to explicitly install blueprint, is it no longer part of boot feature set? Also, I'm unfamiliar with "property-placeholder". What's the purpose that that over a <service> element? Thanks, Scott <enc:property-placeholder> <enc:encryptor class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor"> <property name="config"> <bean class="org.jasypt.encryption.pbe.config.EnvironmentPBEConfig"> <property name="algorithm" value="PBEwithMD5andDES"/> <property name="password" value="my-crazy-pwd"/> <!-- <property name="passwordEnvName" value="ENCRYPTION_PWD"/> --> </bean> </property> </enc:encryptor> </enc:property-placeholder> -----Original Message----- From: Jean-Baptiste Onofré <j...@nanthrax.net> Sent: Monday, November 05, 2018 11:02 PM To: user@karaf.apache.org Subject: Re: Encrypting property values in .cfg files Hi Scott, You want to use it blueprint, SCR or directly ConfigAdmin ? If you use the {enc:} format, it should work at least with blueprint jasypt namespace. For a generic way, we have a Jira about that. Basically, it would be a ConfigListener to do intercepting the {enc:} prefix in property values. I can work on this one. Regards JB On 05/11/2018 23:25, Leschke, Scott wrote: > I'm looking to encrypt passwords the are currently in plaintext in a > few of my .cfg files. I've looked at how to do that and it seemed > reasonably straightforward although I've had some difficulty getting > it working. I'm wondering if there's anything that prevents me from > just supplying a service myself that implements the > */org.jasypt.encryption.StringEncryptor/* interface rather than using > the Karaf jasypt-encryption service. > > > > I've tried it but that doesn't seem to want to work either so I'm > wondering if there's a reason it doesn't. > > > > Scott > > > > > -- Jean-Baptiste Onofré jbono...@apache.org http://blog.nanthrax.net Talend - http://www.talend.com