Versions Compared

...

Note

We strongly recommend that you use the latest version of Java.

For versions before Java 1.8.0_151, you must install the JCE Unlimited Strength Jurisdiction Policy files.


Java Keytool

...

To be moved to the install database section.

To secure the login details for your PhixFlow database(s), you must configure:

  1. a keystore using the Java keytool. The actual username and password for the PhixFlow database are encrypted in the keystore.
  2. phixflow-vault.xml

...

  1. with the information about the keystore
  2. optionally, store the keystore password in an environment variable
  3. record the keystore alias for the database username and password in phixflow-datasource.xml

...


I cannot see where the actual username is set?

  1. Create a keystore using the Java keytool by running the command:


    Code Block
    keytool -importpass -alias <keyAlias> -keystore <keystoreFileName> -storetype <keytype>

    Where

  • <keyAlias>: specify the alias (e.g. database-dev-build-user). Save it, as it is used to fetch the secretKey
  • <keystoreFileName>: specify the file name of the key store
  • -storetype <keytype>: must be either PKCS12 or JCEKS.

2. Run the keytool command to import the username to the keystore. For example:

Code Block
keytool -importpass -alias name1 -keystore HidePW -storetype PKCS12


3. When the keytool prompts "Enter Keystore password:", set the master password for the keystore file, then re-enter it to confirm.

4. When the keytool prompts "Enter the password to be stored:", enter the username for the database.

...

password: the <keyAlias> value given when running keytool for the password in the steps above, e.g. database-prod-build-user


Example


PhixFlow database

  • User name: db-admin
  • password: xyz+123

Keystore file

  • path: x/y/z
  • name: HidePW
  • password: hide-pass9
  • type: PKCS12

Keystore contains

  • user name: db-admin
  • user alias: name1
  • user password: xyz+123
  • password alias: pw1

Environment Variable

  • Name: keypass
  • Value: hide-pass9

phixflow-vault.xml

  • keystore

phixflow-datasource.xml

  • username: name1
  • password: pw1


The database user logs in and provides the username name1 and the password pw1. 

phixflow-datasource asks PhixFlow vault where it can find the actual user credentials that match these aliases. PhixFlow vault knows where they are stored (vault url) and how to talk to the store (vault type). It also has the password, either via vault password or the environment variable.


phixflow-vault.xml requests the actual username and password, which are returned to phixflow-datasource.xml. The actual username and password are passed to the database, and the user can log in.
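
The alias lookup described above, as an added Java example that is not PhixFlow's own code: it stores the Example's sample credentials as secret-key entries, as keytool -importpass does, and resolves the aliases name1 and pw1 back to the real values. The class and method names are hypothetical, and an in-memory PKCS12 keystore stands in for the HidePW file.

```java
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added example (hypothetical names, not PhixFlow code): alias -> stored secret.
public class VaultAliasDemo {

    // Stores a secret the way `keytool -importpass` does: as a PBE secret-key entry.
    static void importPass(KeyStore ks, String alias, char[] secret, char[] storePass)
            throws Exception {
        SecretKey key = SecretKeyFactory.getInstance("PBE")
                .generateSecret(new PBEKeySpec(secret));
        ks.setEntry(alias, new KeyStore.SecretKeyEntry(key),
                new KeyStore.PasswordProtection(storePass));
    }

    // Returns the secret stored under an alias; fails closed if the alias is absent.
    static char[] resolve(KeyStore ks, String alias, char[] storePass) throws Exception {
        KeyStore.Entry entry = ks.getEntry(alias, new KeyStore.PasswordProtection(storePass));
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new IllegalStateException("No secret stored under alias " + alias);
        }
        SecretKey key = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        PBEKeySpec spec = (PBEKeySpec) SecretKeyFactory.getInstance("PBE")
                .getKeySpec(key, PBEKeySpec.class);
        return spec.getPassword();
    }

    public static void main(String[] args) throws Exception {
        // Keystore password from the Example's environment variable (keypass);
        // the fallback is the page's sample value so the demo runs as-is.
        String env = System.getenv("keypass");
        char[] storePass = (env != null ? env : "hide-pass9").toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // new, empty in-memory keystore
        importPass(ks, "name1", "db-admin".toCharArray(), storePass);
        importPass(ks, "pw1", "xyz+123".toCharArray(), storePass);

        // phixflow-datasource.xml holds only the aliases; the real values live here.
        System.out.println("name1 -> " + new String(resolve(ks, "name1", storePass)));
        boolean pwOk = Arrays.equals(resolve(ks, "pw1", storePass), "xyz+123".toCharArray());
        System.out.println("pw1 resolves to the stored password: " + pwOk);
    }
}
```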