Re: encrypt database password in broker-config.xml

Wed, 21 Oct 2009 18:33:44 -0700 

I created a custom encryptor class allowing encrypted passwords to be stored
in credentials.properties (but this could be adapted to any Spring
configuration file. The encryptor decrypts passwords on app context
initialization and stores plaintext versions in memory.

My activemq.xml (5.2) looks like this

    <!-- This bean loads the passwords defined here into Spring's
PropertyPlaceholderConfigurer.
        Passwords are stored in memory in plain text -->
    <bean id="encryptor" class="nsw.osr.esb.crypto.Encryptor">
        <property name="location" 
value="${activemq.base}/conf/credentials.properties" />
    </bean>


    <!-- Allows us to use system properties as variables in this
configuration file -->
    <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="properties" ref="encryptor"/>
    </bean>

The encrypted property names have a '?' char in front to distinguish
encrypted from unencrypted properties:

# Password for certificate store
?keystorepassword=KiaQHVn0MsH59M3JXAgwSQ==
# some other password e.g. not a production environment that can be
plaintext
plaintext.password=foobar

These can then be referenced in any activemq config file as
${keystorepassword}


I have attached my encryptor class
http://www.nabble.com/file/p26002769/Encryptor.java Encryptor.java 

The way to generate the encrypted passwords is to use a command line utility
I wrote (using standard J2SE algorithms) and then paste ciphertext into your
config file.

These are attached as well
http://www.nabble.com/file/p26002769/DecryptPassword.java
DecryptPassword.java 
http://www.nabble.com/file/p26002769/EncryptPassword.java
EncryptPassword.java 

Mail me if this is unclear.
HTH,

Serge

au.pg wrote:
> 
> Hi,
> 
> I want to store encrypted database password in broker-config.xml file? Is
> there a way that activemq correctly decrypts while connecting to database.
> 
> Thanks, 
> PG
> 

-- 
View this message in context: 
http://www.nabble.com/encrypt-database-password-in-broker-config.xml-tp25966501p26002769.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Reply via email to