Initializing help system before first use

Using the Credential Store to Store Passwords

You can use a credential store and reference passwords by their aliases—This is more secure than having plain-text passwords in the standalone.xml file.
There are several steps to the process; Initially you create, reference, and utilize the credential store. Then you must obfuscate the credential store password, and finally you set Xpress Insight to use the password vault.

Add credential store to standalone.xml

  1. Add the example code shown here to standalone.xml inside the elytron subsystem block (identified by the line <subsystem xmlns="urn:wildfly:elytron:5.0"...) 
    <credential-stores>
  <credential-store name="store-name" relative-to="jboss.server.data.dir" location="storename.storage" create="true">
      <credential-reference clear-text="store-password"/>
  </credential-store>
</credential-stores>
  2. Save the standalone.xml file and restart the Xpress Insight Server.
  3. Add a new credential to the store

    Open a command prompt on the machine hosting the Xpress Insight Server and connect to the JBoss CLI using the instruction:

    Linux 

    <INSIGHT_HOME>/server/wildfly-x.y.z/bin/jboss-cli.sh --connect
    Windows 
    <INSIGHT_HOME>/server/wildfly-x.y.z/bin/jboss-cli.bat --connect
    where x.y.z represents the Wildfly version, subversion, and patch numbers.
    Note The Wildfly server must be running in order to connect.
  4. When connected, enter the following command: 
    /subsystem=elytron/credential-store=store-name:add-alias(alias=some-alias,secret-value=some-password)
  5. The credential store is now configured and populated with credentials. These credentials can be used within https configuration and datasource configuration instead of plain text passwords within standalone.xml. For more, see Enabling HTTPS with Xpress Insight Server and Securing the PostgreSQL Database Password.
Covered Topics
Parent Topic Securing FICO Xpress Insight