Bug 1019989 - Password entered into installer is written to dtgov.properties in plain text
Status: CLOSED CURRENTRELEASE
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: Installer
6.0.0 GA
Unspecified Unspecified
unspecified Severity urgent
: ER7
: 6.0.0
Assigned To: Thomas Hauser
Stefan Bunciak
Reported: 2013-10-16 14:05 EDT by Len DiMaggio
Modified: 2014-02-06 10:29 EST
Doc Type: Bug Fix
Type: Bug
Description Len DiMaggio 2013-10-16 14:05:20 EDT
Description of problem:

standalone/configuration/dtgov.properties:sramp.repo.password=password1#
standalone/configuration/dtgov.properties:governance.bpm.password=password1#
standalone/configuration/dtgov.properties:governance.password=password1#

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Gary Brown 2013-10-17 03:59:43 EDT
I believe this will be resolved post-beta with the use of the vault.
Comment 2 Eric Wittmann 2013-10-29 09:21:37 EDT
All of the overlord apps now support using vaulted passwords in their config files rather than plain text.  In this particular case the installer needs to be updated to do the following:

1) create/init the EAP vault
2) auto-generate a password for a dtgov service user named "dtgovworkflow"
3) create the dtgovworkflow user via 'add-user.sh' or equiv.
4) store the generated password in the EAP vault
5) write the dtgovworkflow username and generated password's vault key to dtgov.properties (instead of using the plain text password entered by the user)

Further details of this have been documented elsewhere for reference by interested parties.

Assigning this BZ to thauser to complete the prod installer changes.
Comment 4 Thomas Hauser 2013-11-14 10:25:40 EST
Changes for this should be complete for ER7. Need the full build for confirmation.
Comment 5 Len DiMaggio 2013-12-13 15:31:14 EST
Verified in ER7-2

grep password dtgov.properties 
sramp.repo.password=${vault:VAULT::dtgov::dtgov-workflows.password::1}
governance.bpm.password=${vault:VAULT::dtgov::dtgov-workflows.password::1}
governance.password=${vault:VAULT::dtgov::dtgov-workflows.password::1}
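
The grep check from Comment 5 as a reusable audit, added here as an example; it is not code from the installer or the Overlord project. It assumes that any key whose last dotted segment is "password" is a secret and that a valid reference has the ${vault:VAULT::block::attribute::n} shape shown above; the function names are hypothetical.

```python
import re

# Assumption: a key is a secret when its last dotted segment is "password",
# which covers the three keys shown in this bug.
SECRET_KEY = re.compile(r"(?:^|\.)password$", re.IGNORECASE)
# Reference shape copied from Comment 5: ${vault:VAULT::<block>::<attribute>::<n>}
VAULT_REF = re.compile(r"\$\{vault:VAULT::[^:}]+::[^:}]+::[^:}]+\}")
KEY_VALUE = re.compile(r"\s*([^\s=:]+)\s*[=:]?\s*(.*)")


def logical_lines(text):
    """Yield (first_line_no, line): comments dropped, '\\' continuations joined."""
    buf, start = None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        if buf is None:
            # '#' and '!' open a comment only at the start of a line, so a
            # value such as "password1#" keeps its trailing '#'.
            if not raw.strip() or raw.lstrip()[0] in "#!":
                continue
            buf, start, part = "", no, raw
        else:
            part = raw.lstrip()
        if (len(part) - len(part.rstrip("\\"))) % 2:  # odd count: continuation
            buf += part[:-1]
            continue
        yield start, buf + part
        buf = None
    if buf is not None:
        yield start, buf


def audit(text):
    """Return [(line_no, key, verdict)] per secret key; values are never echoed."""
    findings = []
    for no, line in logical_lines(text):
        m = KEY_VALUE.match(line)
        if m and SECRET_KEY.search(m.group(1)):
            ok = VAULT_REF.fullmatch(m.group(2).strip())
            findings.append((no, m.group(1), "vault" if ok else "plaintext"))
    return findings


# Property lines as quoted in the Description (before) and Comment 5 (after).
BEFORE = "sramp.repo.password=password1#\ngovernance.password=password1#\n"
AFTER = ("sramp.repo.password=${vault:VAULT::dtgov::dtgov-workflows.password::1}\n"
         "governance.password=${vault:VAULT::dtgov::dtgov-workflows.password::1}\n")

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        for no, key, verdict in audit(text):
            print(f"{name}: line {no}: {key}: {verdict}")
```

A value that only embeds a vault reference inside other text is reported as plaintext, because the whole value must be the reference.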
