Overview
To keep the database username and password secure, PhixFlow is configured to use a keystore file. The database account credentials are encrypted and stored here, along with aliases.
To configure the keystore, you will use the Java keytool -importpass command at the command line.
Keytool Syntax
For reference, here is the full syntax and the values you will need to use. The steps below provide example commands.
| Code Block |
|---|
<keytool> -importpass -alias <keyAlias> -keystore <pathToKeystoreFile> -storetype <keytype> |
| Where: | Is | |
|---|---|---|
| Windows command prompt | |
| Windows PowerShell | | |
| Linux | | |
| The alias for a username or password. The keytool prompts you to enter the corresponding username or password. | |
| <pathToKeystoreFile> | The full path to the keystore file, for example:
| |
| <keytype> | either PKCS12 or JCEKS. | |
dfd
| Tip |
|---|
The command's prompts are not very clear. It sometimes asks for a password when you need to enter a username. |
How to Set up a Keystore
Step 1 Create the keystore and the alias for the database username
...
Create an environment variable with the form <variable-name>: <keystore-password>
| In Windows | In Linux | |
|---|---|---|
<variable-name> | In Windows: In the environment variable, specify any variable name you choose. | Use the For information about how to set environment variables in Linux, see: |
<keystore-password> | Specify the password for the keystore. | |
| Warning |
|---|
Never add the keystore password to the profile for the Tomcat user. |
...
Figure 1: How PhixFlow authenticates to its database
| Details used in the diagram | ||
|---|---|---|
| Keystore file name | hidden.jks | |
| Keystore password | storepw | |
| Environment variable name | KEY_PASS | |
| Environment variable value (the keystore password) | storepw | |
| PhixFlow database credentials | Username | Password |
| Actual |
| P*59word |
| Alias |
| 123xyz |