encrypt database password in broker-config.xml

["au.pg" <pg...@interwoven.com>]

Hi,

I want to store encrypted database password in broker-config.xml file? Is
there a way that activemq correctly decrypts while connecting to database.

Thanks, 
PG
-- 
View this message in context: http://www.nabble.com/encrypt-database-password-in-broker-config.xml-tp25966501p25966501.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: encrypt database password in broker-config.xml

[Rob Davies <ra...@gmail.com>]

On 19 Oct 2009, at 23:03, au.pg wrote:

>
> Hi,
>
> I want to store encrypted database password in broker-config.xml  
> file? Is
> there a way that activemq correctly decrypts while connecting to  
> database.
>
> Thanks,
> PG
> -- 
> View this message in context: http://www.nabble.com/encrypt-database-password-in-broker-config.xml-tp25966501p25966501.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>

This is something we don't currently support - but you could raise a  
ticket for it. Usual practice would be to rely on permissions on the  
box to restrict access to the config file

cheers,

Rob

Rob Davies
http://twitter.com/rajdavies
I work here: http://fusesource.com
My Blog: http://rajdavies.blogspot.com/
I'm writing this: http://www.manning.com/snyder/

Re: encrypt database password in broker-config.xml

["au.pg" <pg...@interwoven.com>]

Hi,

I just want to share how we can encrypt database password in
broker-config.xml using jasypt.

1) Add spring name space

xmlns:spring="http://www.springframework.org/schema/beans" 

2) define below two beans 

<spring:bean id="configurationEncryptor"
class="org.jasypt.encryption.pbe.StandardPBEStringEncryptor">
     <spring:property name="algorithm" value="PBEWithMD5AndDES"/>
     <spring:property name="password" value="pg"/>
 </spring:bean>

 <spring:bean id="propertyConfigurer"
    
class="org.jasypt.spring.properties.EncryptablePropertyPlaceholderConfigurer">
   <spring:constructor-arg ref="configurationEncryptor" />
   <spring:property name="location"
value="classpath:activemq-pwd.properties"/>
 </spring:bean>

3) you can see that password declared in activemq-pwd.properties can be
accessed as ${password} 

    <property name="password" value="${password}"/>  

4) below are contents of activemq-pwd.properties

password=ENC(oD2k3oXlEi4+6ovhpR2b3UguNfa/8UwU)

Please note that the generated password in activemq-pwd using jasypt's
encrypt.bat using above mentioned algorithm PBEWithMD5AndDES and password
pg.

PG
-- 
View this message in context: http://old.nabble.com/encrypt-database-password-in-broker-config.xml-tp25966501p26294445.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: encrypt database password in broker-config.xml

[Dejan Bosanac <de...@nighttale.net>]

Hi Guys,

great stuff. I created a Jira issue (
https://issues.apache.org/activemq/browse/AMQ-2460) to integrate jasypt with
ActiveMQ by default

Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net


On Thu, Oct 22, 2009 at 3:40 AM, au.pg <pg...@interwoven.com> wrote:

>
> Hi Serge,
>
> This is Awesome. This is what we finally figured out and doing using
> jasypt.
> I greatly appreciate your reply.
>
> Great Post!
>
> Thanks,
> PG
> --
> View this message in context:
> http://www.nabble.com/encrypt-database-password-in-broker-config.xml-tp25966501p26002811.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>

Re: encrypt database password in broker-config.xml

["au.pg" <pg...@interwoven.com>]

Hi Serge,

This is Awesome. This is what we finally figured out and doing using jasypt.
I greatly appreciate your reply. 

Great Post!

Thanks, 
PG
-- 
View this message in context: http://www.nabble.com/encrypt-database-password-in-broker-config.xml-tp25966501p26002811.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: encrypt database password in broker-config.xml

[Serge Merzliakov <sm...@epistatic.net>]

I created a custom encryptor class allowing encrypted passwords to be stored
in credentials.properties (but this could be adapted to any Spring
configuration file. The encryptor decrypts passwords on app context
initialization and stores plaintext versions in memory.

My activemq.xml (5.2) looks like this

    <!-- This bean loads the passwords defined here into Spring's
PropertyPlaceholderConfigurer.
        Passwords are stored in memory in plain text -->
    <bean id="encryptor" class="nsw.osr.esb.crypto.Encryptor">
        <property name="location" 
value="${activemq.base}/conf/credentials.properties" />
    </bean>


    <!-- Allows us to use system properties as variables in this
configuration file -->
    <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="properties" ref="encryptor"/>
    </bean>

The encrypted property names have a '?' char in front to distinguish
encrypted from unencrypted properties:

# Password for certificate store
?keystorepassword=KiaQHVn0MsH59M3JXAgwSQ==
# some other password e.g. not a production environment that can be
plaintext
plaintext.password=foobar

These can then be referenced in any activemq config file as
${keystorepassword}


I have attached my encryptor class
http://www.nabble.com/file/p26002769/Encryptor.java Encryptor.java 

The way to generate the encrypted passwords is to use a command line utility
I wrote (using standard J2SE algorithms) and then paste ciphertext into your
config file.

These are attached as well
http://www.nabble.com/file/p26002769/DecryptPassword.java
DecryptPassword.java 
http://www.nabble.com/file/p26002769/EncryptPassword.java
EncryptPassword.java 

Mail me if this is unclear.
HTH,

Serge

au.pg wrote:
> 
> Hi,
> 
> I want to store encrypted database password in broker-config.xml file? Is
> there a way that activemq correctly decrypts while connecting to database.
> 
> Thanks, 
> PG
> 

-- 
View this message in context: http://www.nabble.com/encrypt-database-password-in-broker-config.xml-tp25966501p26002769.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.