What's covered: embedding the secure vault password in the Linux startup script.
WSO2 servers ship with the capability of encrypting and securing plain-text passwords used in configuration files; find more information about this feature here[1]. As the final step of this process, the decryption password needs to be provided at server startup, either by entering it or by placing it in a temporary text file. When the servers need to be started as background services, the password can be embedded into the server startup script as shown in this post to make the process more secure.
1) Encode the password to base64
Run the command below to get it encoded:
echo 'put your password here' | base64
2) Modify the wso2server.sh script to generate the password file at runtime.
Include the following at the start of the elif [ "$CMD" = "start" ]; then block. Refer to [2].
# write the decoded password to password-tmp; a redirect is used instead of tee so the password is not echoed to the console
echo <the encoded base64 string goes here> | base64 -d > "$CARBON_HOME/password-tmp"
The password-tmp file will be generated before the Carbon bootstrapper is run. The file will be deleted after it is read.
Note that this only works on Linux distros where the base64 program is available.
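
The two steps above as shell functions, an added example that is not part of the original post: it assumes the base64 program from GNU coreutils, uses a constructed sample password and a temporary directory in place of CARBON_HOME, and the function names are hypothetical. It also creates password-tmp with owner-only permissions, which the post's line does not do.

```shell
#!/bin/sh
# Added example. The password and CARBON_HOME used in the demo are constructed values.

# Step 1: same bytes as the post's `echo ... | base64`, but printf is not
# affected by backslashes or a leading "-n" in the password.
encode_password() {
    printf '%s\n' "$1" | base64
}

# Step 2: what the "start" block runs before the Carbon bootstrapper.
write_password_tmp() {
    rm -f "$CARBON_HOME/password-tmp"   # a stale file would keep its old mode
    (
        umask 077                       # file is created 0600; the subshell keeps the umask change local
        # plain redirect: the decoded password never reaches stdout
        printf '%s\n' "$1" | base64 -d > "$CARBON_HOME/password-tmp"
    )
}

# Permission string of the generated file, e.g. -rw-------
password_tmp_mode() {
    ls -l "$CARBON_HOME/password-tmp" | cut -c1-10
}

# Demo in a throwaway directory standing in for CARBON_HOME.
demo() {
    CARBON_HOME=$(mktemp -d) || return 1
    encoded=$(encode_password 'S3cureVault-demo')
    write_password_tmp "$encoded"
    echo "mode: $(password_tmp_mode)"
    rm -rf "$CARBON_HOME"
}
demo
```

base64 is an encoding, not encryption, so anyone who can read wso2server.sh can decode the embedded string; restrict read access on the script to the account that runs the server.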