Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Description
The keystore password in the security realm keystore definition does not support expressions. As a result the password cannot be masked.
This in contrast to the key password, which does support expressions.
Relevant code fragment from org.jboss.as.domain.management.security.KeystoreAttributes :
public static final SimpleAttributeDefinition KEY_PASSWORD = new SimpleAttributeDefinitionBuilder(
ModelDescriptionConstants.KEY_PASSWORD, ModelType.STRING, true).setXmlName(ModelDescriptionConstants.KEY_PASSWORD)
.setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, true, true)).setAllowExpression(true)
.setFlags(AttributeAccess.Flag.RESTART_RESOURCE_SERVICES).build();
public static final SimpleAttributeDefinition KEYSTORE_PASSWORD = new SimpleAttributeDefinitionBuilder(ModelDescriptionConstants.KEYSTORE_PASSWORD, ModelType.STRING, false)
.setXmlName(ModelDescriptionConstants.KEYSTORE_PASSWORD).setValidator(new StringLengthValidator(1, Integer.MAX_VALUE, false, false))
.setFlags(AttributeAccess.Flag.RESTART_RESOURCE_SERVICES).build();
Attachments
Issue Links
- duplicates
-
AS7-884 Use Vault for domain management passwords in config
-
- Resolved
-
