Wednesday, March 14, 2018

How to read values in ESB from secure vault


Sometimes we need to keep credentials in a secure store rather than in plain text. WSO2 provides the secure vault feature in ESB for this: you store the credentials there, retrieve the hidden values with the property below, and use them anywhere in your ESB logic.

Code:


<property expression="wso2:vault-lookup('Username')"
    name="UserName" scope="default" type="STRING" xmlns:ns="http://org.apache.synapse/xsd"/>

Set up Secure Vault in WSO2 ESB


  • Go to your ESB home/bin directory
  • Execute the command “ciphertool.bat -Dconfigure” as shown below

You should get the output below. It prompts for the primary keystore password of the Carbon server; enter "wso2carbon".


C:\Work\WSO2\wso2esb-4.9.0\repository\conf\security>ciphertool.bat -Dconfigure
'ciphertool.bat' is not recognized as an internal or external command,
operable program or batch file.

C:\Work\WSO2\wso2esb-4.9.0\repository\conf\security>cd ciphertool.bat
The system cannot find the path specified.

C:\Work\WSO2\wso2esb-4.9.0\repository\conf\security>cd C:\Work\WSO2\wso2esb-4.9.0\bin

C:\Work\WSO2\wso2esb-4.9.0\bin>ciphertool.bat -Dconfigure
'ant' is not recognized as an internal or external command,
operable program or batch file.
Using CARBON_HOME:   C:\Work\WSO2\wso2esb-4.9.0
Using JAVA_HOME:    C:\Program Files\Java\jdk1.8.0_151
[Please Enter Primary KeyStore Password of Carbon Server : ]

Primary KeyStore of Carbon Server is initialized Successfully

Protected Token [UserManager.AdminUser.Password] is updated in repository/conf/user-mgt.xml successfully

Protected Token [Carbon.Security.KeyStore.KeyPassword] is updated in repository/conf/carbon.xml successfully

Protected Token [Server.Service.Connector.keystorePass] is updated in repository/conf/tomcat/catalina-server.xml successfully

Protected Token [Carbon.Security.TrustStore.Password] is updated in repository/conf/carbon.xml successfully

Protected Token [Carbon.Security.KeyStore.Password] is updated in repository/conf/carbon.xml successfully

Protected Token [Datasources.WSO2_CARBON_DB.Configuration.Password] is updated in repository/conf/datasources/master-datasources.xml successfully


Encryption is done Successfully


Encryption is done Successfully


Encryption is done Successfully


Encryption is done Successfully


Encryption is done Successfully


Encryption is done Successfully


Secret Configurations are written to the property file successfully

C:\Work\WSO2\wso2esb-4.9.0>


Once you see the messages above, you can add entries to the secure vault from the ESB console UI.

How to add password in secure vault in WSO2 ESB


  • Start the ESB server and log in with admin/admin.
  • Click the “Manage password” link under the Secure Vault Tool, then click the “Add New Password to encrypt and store” link.

  • You might get the error below, which means you have not set up your secure vault yet. To do that, please follow this blog.

In the logs you can see the error below.


  • If you did not get the error above, everything is fine and you can now provide the key and password as shown below.

  • Click the “Add” button.

Your values have been added successfully.
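
With the entries stored, a sequence can resolve them at mediation time and drop the plaintext copies once they are no longer needed. The following is an added example, not from the original post; the sequence name, the backend URL and the 'Password' alias are assumptions, while 'Username' is the alias used in the property shown earlier.

```xml
<!-- Added example: sequence name, endpoint URL and the 'Password' alias are assumptions -->
<sequence name="CallBackendWithVaultCreds" xmlns="http://ws.apache.org/ns/synapse">
    <!-- Resolve both secrets from the secure vault when the message is mediated -->
    <property name="UserName" expression="wso2:vault-lookup('Username')"
              scope="default" type="STRING"/>
    <property name="Password" expression="wso2:vault-lookup('Password')"
              scope="default" type="STRING"/>

    <!-- Build the HTTP Basic Authorization header as a transport header -->
    <property name="Authorization"
              expression="fn:concat('Basic ', base64Encode(fn:concat($ctx:UserName, ':', $ctx:Password)))"
              scope="transport" type="STRING"/>

    <!-- Remove the decrypted values from the message context once the header is built -->
    <property name="UserName" action="remove" scope="default"/>
    <property name="Password" action="remove" scope="default"/>

    <!-- Log a marker only; do not add the resolved properties to a log mediator -->
    <log level="custom">
        <property name="step" value="vault credentials applied"/>
    </log>

    <send>
        <endpoint>
            <!-- Hypothetical backend; use HTTPS so the Basic header is not sent in clear text -->
            <address uri="https://backend.example.com/service"/>
        </endpoint>
    </send>
</sequence>
```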