How to encrypt keytool keypass and storepass

I am using the following link for 2-way ssl in JBoss. It works fine for me.

http://www.mastertheboss.com/jboss-...tutorial-for-configuring-ssl-https-on-wildfly

I am using the following command to generate key pair, using key password(keypass) as secret.

keytool -genkeypair -alias client -keyalg RSA -keysize 2048 -validity 365 -keystore client.keystore -dname "CN=client" -keypass secret -storepass secret


Like wise, I follow the steps in above link and I am able to enable https.

While doing so, one of the entry that is created in standalone-full.xml is as follows:

<tls>
<key-stores>
<key-store name="demoKeyStore">
<credential-reference clear-text="secret"/>
<implementation type="JKS"/>
<file path="server.keystore" relative-to="jboss.server.config.dir"/>
</key-store>
</key-stores>
<key-managers>
<key-manager name="demoKeyManager" key-store="demoKeyStore">
<credential-reference clear-text="secret"/>
</key-manager>
</key-managers>
<server-ssl-contexts>
<server-ssl-context name="demoSSLContext" protocols="TLSv1.2" key-manager="demoKeyManager"/>
</server-ssl-contexts>
</tls>


Here the clear-text value is secret, which was used while doing key generation. Since it is visible to anyone having access to standalone-full.xml file, I want to protect it.

Question: How do I encrypt the clear-text attribute with value "secret" in the xml file.

Few possible way I could think of is storing it in vault (I have not tried it yet) or encrypt the password using some other techniques

https://docs.rapidminer.com/9.0/server/administration/security/securing-passwords-in-jboss.html

JBoss AS 7.1 - datasource how to encrypt password

What is the best way to solve above problem. Please advise.

Continue reading...