Bug 1019989

Summary: Password entered into installer is written to dtgov.properties in plain text
Product: [JBoss] JBoss Fuse Service Works 6 Reporter: Len DiMaggio <ldimaggi>
Component: InstallerAssignee: Thomas Hauser <thauser>
Status: CLOSED CURRENTRELEASE QA Contact: Stefan Bunciak <sbunciak>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 6.0.0 GACC: atangrin, jsedlace, soa-p-jira
Target Milestone: ER7   
Target Release: 6.0.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Len DiMaggio 2013-10-16 18:05:20 UTC 
Description of problem:

standalone/configuration/dtgov.properties:sramp.repo.password=password1#
standalone/configuration/dtgov.properties:governance.bpm.password=password1#
standalone/configuration/dtgov.properties:governance.password=password1#

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Gary Brown 2013-10-17 07:59:43 UTC 
I believe this will be resolved post-beta with the use of the vault.
Comment 2 Eric Wittmann 2013-10-29 13:21:37 UTC 
All of the overlord apps now support using vaulted passwords in their config files rather than plain text.  In this particular case the installer needs to be updated to do the following:

1) create/init the EAP vault
2) auto-generate a password for a dtgov service user named "dtgovworkflow"
3) create the dtgovworkflow user via 'add-user.sh' or equiv.
4) store the generated password in the EAP vault
5) write the dtgovworkflow username and generated password's vault key to dtgov.properties (instead of using the plain text password entered by the user)

Further details of this have been documented elsewhere for reference by interested parties.

Assigning this BZ to thauser to complete the prod installer changes.
Comment 4 Thomas Hauser 2013-11-14 15:25:40 UTC 
Changes for this should be complete for ER7. Need the full build for confirmation.
Comment 5 Len DiMaggio 2013-12-13 20:31:14 UTC 
Verified in ER7-2

grep password dtgov.properties 
sramp.repo.password=${vault:VAULT::dtgov::dtgov-workflows.password::1}
governance.bpm.password=${vault:VAULT::dtgov::dtgov-workflows.password::1}
governance.password=${vault:VAULT::dtgov::dtgov-workflows.password::1}