Initializing help system before first use

Using the Credential Store to Store Passwords

You can use a credential store and reference passwords by their aliases—This is more secure than having plain-text passwords in the standalone.xml file.
There are several steps to the process; Initially you create, reference, and utilize the credential store. Then you must obfuscate the credential store password, and finally you set Xpress Insight to use the password vault.
Note: Support of password vaults ceased in Wildfly 25. There is a guide to aid the migration of any existing vaults available at https://docs.wildfly.org/25/WildFly_Elytron_Security.html#Migrating_Existing_Vaults. This information applies to legacy installations of Xpress Insight (earlier that 4.58) using older versions of Wildfly.

Add credential store to standalone.xml

  1. Add the example code shown here to standalone.xml inside the elytron subsystem block (identified by the line <subsystem xmlns="urn:wildfly:elytron:14.0"...) 
    <credential-stores>
  <credential-store name="store-name" relative-to="jboss.server.data.dir" location="storename.storage" create="true">
      <credential-reference clear-text="store-password"/>
  </credential-store>
</credential-stores>
  2. Save the standalone.xml file and restart the Xpress Insight Server.
  3. Add a new credential to the store

    Open a command prompt on the machine hosting the Xpress Insight Server and connect to the JBoss CLI using the instruction:

    Linux 

    <INSIGHT_HOME>/server/wildfly-x.y.z/bin/jboss-cli.sh --connect
    Windows 
    <INSIGHT_HOME>/server/wildfly-x.y.z/bin/jboss-cli.bat --connect
    where x.y.z represents the Wildfly version, subversion, and patch numbers.
    Note: The Wildfly server must be running in order to connect.
  4. When connected, enter the following command: 
    /subsystem=elytron/credential-store=store-name:add-alias(alias=some-alias,secret-value=some-password)
  5. The credential store is now configured and populated with credentials. These credentials can be used within https configuration and datasource configuration instead of plain text passwords within standalone.xml. For more, see Enabling HTTPS with Xpress Insight Server and Securing the PostgreSQL Database Password.
Covered Topics
Parent Topic Securing FICO Xpress Insight

© 2001-2023 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.