encrypt database password in broker-config.xml

encrypt database password in broker-config.xml

au.pg
Hi,

I want to store an encrypted database password in the broker-config.xml file. Is there a way for ActiveMQ to decrypt it correctly when connecting to the database?

Thanks,
PG

Re: encrypt database password in broker-config.xml

rajdavies

On 19 Oct 2009, at 23:03, au.pg wrote:

>
> Hi,
>
> I want to store encrypted database password in broker-config.xml  
> file? Is
> there a way that activemq correctly decrypts while connecting to  
> database.
>
> Thanks,
> PG
> --
> View this message in context: http://www.nabble.com/encrypt-database-password-in-broker-config.xml-tp25966501p25966501.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>

This is something we don't currently support - but you could raise a ticket for it. Usual practice would be to rely on permissions on the box to restrict access to the config file.

cheers,

Rob

Rob Davies
http://twitter.com/rajdavies
I work here: http://fusesource.com
My Blog: http://rajdavies.blogspot.com/
I'm writing this: http://www.manning.com/snyder/






Re: encrypt database password in broker-config.xml

Serge Merzliakov
In reply to this post by au.pg
I created a custom encryptor class allowing encrypted passwords to be stored in credentials.properties (but this could be adapted to any Spring configuration file). The encryptor decrypts passwords on app context initialization and stores plaintext versions in memory.

My activemq.xml (5.2) looks like this:

   
    <bean id="encryptor" class="nsw.osr.esb.crypto.Encryptor">
        <property name="location"  value="${activemq.base}/conf/credentials.properties" />
    </bean>


   
    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="properties" ref="encryptor"/>
    </bean>

The encrypted property names have a '?' char in front to distinguish encrypted from unencrypted properties:

# Password for certificate store
?keystorepassword=KiaQHVn0MsH59M3JXAgwSQ==
# some other password e.g. not a production environment that can be plaintext
plaintext.password=foobar

These can then be referenced in any activemq config file as ${keystorepassword}.


I have attached my encryptor class: Encryptor.java

The way to generate the encrypted passwords is to use a command line utility I wrote (using standard J2SE algorithms) and then paste the ciphertext into your config file.

These are attached as well: DecryptPassword.java, EncryptPassword.java

Mail me if this is unclear.
HTH,

Serge
au.pg wrote
Hi,

I want to store encrypted database password in broker-config.xml file? Is there a way that activemq correctly decrypts while connecting to database.

Thanks,
PG

Re: encrypt database password in broker-config.xml

au.pg
Hi Serge,

This is awesome. This is what we finally figured out and are doing using jasypt.
I greatly appreciate your reply.

Great Post!

Thanks,
PG

Re: encrypt database password in broker-config.xml

dejanb
Hi Guys,

Great stuff. I created a Jira issue (https://issues.apache.org/activemq/browse/AMQ-2460) to integrate jasypt with ActiveMQ by default.

Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net


On Thu, Oct 22, 2009 at 3:40 AM, au.pg <[hidden email]> wrote:

>
> Hi Serge,
>
> This is Awesome. This is what we finally figured out and doing using
> jasypt.
> I greatly appreciate your reply.
>
> Great Post!
>
> Thanks,
> PG
> --
> View this message in context:
> http://www.nabble.com/encrypt-database-password-in-broker-config.xml-tp25966501p26002811.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>

Re: encrypt database password in broker-config.xml

au.pg
Hi,

I just want to share how we can encrypt the database password in broker-config.xml using jasypt.

1) Add the Spring namespace

xmlns:spring="http://www.springframework.org/schema/beans"

2) Define the two beans below

<spring:bean id="configurationEncryptor" class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
     <spring:property name="algorithm" value="PBEWithMD5AndDES"/>
     <spring:property name="password" value="pg"/>
 </spring:bean>

 <spring:bean id="propertyConfigurer"
     class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
   <spring:constructor-arg ref="configurationEncryptor" />
   <spring:property name="location" value="classpath:activemq-pwd.properties"/>
 </spring:bean>

3) You can see that the password declared in activemq-pwd.properties can be accessed as ${password}

    <property name="password" value="${password}"/> 

4) Below are the contents of activemq-pwd.properties

password=ENC(oD2k3oXlEi4+6ovhpR2b3UguNfa/8UwU)

Please note that the password in activemq-pwd was generated using jasypt's encrypt.bat with the above-mentioned algorithm PBEWithMD5AndDES and password pg.

PG
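
A variant of the configuration in the post above, added here as an example and not part of the original post: it keeps the PBE password out of the XML by reading it from an environment variable through jasypt's EnvironmentStringPBEConfig. The variable name ACTIVEMQ_ENCRYPTION_PASSWORD is an assumption; the bean ids and the properties file location are the ones from the post.

```xml
<!-- Before (as posted): the PBE password is a literal in the same file as the
     encryptor bean, so anyone who can read the config can decrypt every
     ENC(...) value in activemq-pwd.properties. -->
<!--
<spring:bean id="configurationEncryptor"
    class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
  <spring:property name="algorithm" value="PBEWithMD5AndDES"/>
  <spring:property name="password" value="pg"/>
</spring:bean>
-->

<!-- After: the encryptor takes its settings from a config bean that reads the
     PBE password from the broker's environment at start-up. -->
<spring:bean id="environmentVariablesConfiguration"
    class="org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig">
  <!-- Same algorithm as before, so the existing ENC(...) value still decrypts
       when the variable holds the password it was generated with. -->
  <spring:property name="algorithm" value="PBEWithMD5AndDES"/>
  <!-- Assumed variable name; set it in the environment of the broker process. -->
  <spring:property name="passwordEnvName" value="ACTIVEMQ_ENCRYPTION_PASSWORD"/>
</spring:bean>

<spring:bean id="configurationEncryptor"
    class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
  <spring:property name="config" ref="environmentVariablesConfiguration"/>
</spring:bean>

<!-- Unchanged from the post: resolves ${password} from the properties file,
     decrypting ENC(...) values through configurationEncryptor. -->
<spring:bean id="propertyConfigurer"
    class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
  <spring:constructor-arg ref="configurationEncryptor"/>
  <spring:property name="location" value="classpath:activemq-pwd.properties"/>
</spring:bean>
```

File permissions on the config and properties files are still needed, since the decrypted password lives in the broker's memory and the ciphertext is only as protected as the PBE password.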