Encrypt database password using PBE
https://access.redhat.com/kb/docs/DOC-52883 How to encrypt the database password using Password Based Encryption (PBE) Article ID: 52883 - Created on: Oct 12, 2009 3:30 AM - Last Modified: Mar 28, 2011 11:22 AM Issue How to encrypt the database password Environment JBoss Enterprise Application Platform (EAP) 4.x JBoss Enterprise Application SOA Platform (SOA-P) 5.0.1 Resolution Create the master password file java -cp jbosssx.jar org.jboss.security.plugins.FilePassword e.g java -cp jbosssx.jar org.jboss.security.plugins.FilePassword passwd12 13 master server.password Create the PBE encrypted password (using the same salt and iteration count as the master password) java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils '' Note: Use single quotes when entering datasource password as it may contain special characters. e.g java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils passwd123 13 master '' Encoded password: 9HiXjonw9I6 Define the application policy in conf/login-conf.xml rhqadmin 9HiXjonw9I6 jboss.jca:service=LocalTxCM,name=postgresDS jboss.security:service=JaasSecurityDomain,domain=ServerMasterPassword Define the JAAS security domain in the *-ds.xml postgresDS false jdbc:postgresql://localhost:5432/rhq org.postgresql.Driver EncryptedPostgresRealm 2 2 1000 9 {CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/server.password passwd12 13 Note: Be careful with the salt used in step 2 and 4. The PBEUtils class will only use the first 8 bytes of the passed in "salt" string. If you use a salt string like "123456789" only "12345678" is used. Also the if you pass in anything longer than 8 bytes in the "passwd12" section of the DS mbean section the APP server will simply fail with the following message. Caused by: java.security.InvalidAlgorithmParameterException: Salt must be 8 bytes long