Encrypt database password
You can encrypt the database password in the data source with standard WildFly functionality, using a security domain and PicketBox. Execute the steps below:
1. Open a command prompt in the following location: ...\Server\wildfly-*.
2. Encrypt the password using the following command. You can select any password.
Make sure to replace jdk-* (look it up in \Server) and picketbox-* (look it up in ...\wildfly-*\modules\system\layers\base\org\picketbox\main) with the versions of your installation:
<java installation location ..\Server\jdk-*\bin\>java -cp modules\system\layers\base\org\picketbox\main\picketbox-*.Final.jar org.picketbox.datasource.security.SecureIdentityLoginModule Plan$QL
3. Start the CLI.
4. Add the EncryptDBPassword security domain:
/subsystem=security/security-domain=EncryptDBPassword:add()
5. Add the login module to the security domain:
/subsystem=security/security-domain=EncryptDBPassword/authentication=classic:add(login-modules=[{"code"=>"org.picketbox.datasource.security.SecureIdentityLoginModule", "flag"=>"required", "module-options"=>[("username"=>"YourUserName"), ("password"=>"EncryptedPassword"), ("managedConnectionFactoryName"=>"jboss.jca:service=LocalTxCM,name=PlanonDS")]}])
6. Remove the following attributes using the CLI; they will be replaced with the security domain.
/subsystem=datasources/data-source=PlanonDS/:undefine-attribute(name=password)
/subsystem=datasources/data-source=PlanonDS/:undefine-attribute(name=user-name)
7. Add the security domain:
/subsystem=datasources/data-source=PlanonDS/:write-attribute(name=security-domain, value=EncryptDBPassword)
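After step 7 the data source should reference the security domain and no longer carry an inline user name or password. The following check is an added example, not part of the original procedure or of WildFly: it audits a server configuration file for data sources that still hold inline credentials or point at an undefined security domain. It assumes the configuration stores these settings as user-name, password and security-domain child elements of the data source; the sample XML, its namespace strings and the OtherDS data source are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed server configuration with one migrated and one
# unmigrated data source. Namespace strings and "OtherDS" are made up.
SAMPLE = """<server xmlns="urn:jboss:domain:constructed">
  <profile>
    <subsystem xmlns="urn:jboss:domain:datasources:constructed">
      <datasources>
        <datasource jndi-name="java:/PlanonDS" pool-name="PlanonDS">
          <security><security-domain>EncryptDBPassword</security-domain></security>
        </datasource>
        <datasource jndi-name="java:/OtherDS" pool-name="OtherDS">
          <security><user-name>app</user-name><password>constructed</password></security>
        </datasource>
      </datasources>
    </subsystem>
    <subsystem xmlns="urn:jboss:domain:security:constructed">
      <security-domains>
        <security-domain name="EncryptDBPassword"/>
      </security-domains>
    </subsystem>
  </profile>
</server>"""

def local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]

def audit_datasources(xml_text):
    """Return {pool-name: [findings]} for every data source in the config."""
    root = ET.fromstring(xml_text)
    # Security domains defined in the security subsystem carry a name attribute.
    domains = {e.get("name") for e in root.iter()
               if local(e.tag) == "security-domain" and e.get("name")}
    report = {}
    for ds in (e for e in root.iter() if local(e.tag) in ("datasource", "xa-datasource")):
        fields = {local(c.tag): (c.text or "").strip() for c in ds.iter()}
        findings = [f"inline {k} still present" for k in ("user-name", "password") if k in fields]
        ref = fields.get("security-domain")
        if ref is None:
            findings.append("no security-domain configured")
        elif ref not in domains:
            findings.append(f"security-domain {ref!r} is not defined")
        report[ds.get("pool-name")] = findings
    return report

if __name__ == "__main__":
    for pool, findings in audit_datasources(SAMPLE).items():
        print(pool, "OK" if not findings else "; ".join(findings))
```

To audit a real installation, pass the text of the server's configuration file to audit_datasources instead of SAMPLE.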