Versions Compared

Old Version 1

changes.mady.by.user Fiona Sargeant

Saved on

compared with

New Version 2

changes.mady.by.user Fiona Sargeant

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

To keep the database username and password secure, PhixFlow is configured to use a keystore file. The database account credentials are encrypted and stored here, along with aliases.

...

Required?PropertyValueExample
RequiredkeystoreTypeThe type of the keystore, either PKCS12 or JCEKS

<!-- keystore type (PKCS12 or JCEKS) -->
<property name="keystoreType">
   <value>PKCS12</value>
</property>

RequiredkeystoreFile

The path to the keystore.

<!-- keystore filepath  -->
<property name="keystoreFile">
   <value>/opt/secure/hidden.jks</value>
</property>

Either
(recommended)		keystorePassEnvironmentVariable

The name of the environment variable.

Use <!-- and --> to comment out the keystorePass property.

<!-- keystore password -->
<property name="keystorePassEnvironmentVariable">    <value>KEY_PASS</value>
</property>

OrkeystorePass

The password for the keystore.

Use <!-- and --> to comment out the keystorePassEnvironmentVariable property.

<!-- keystore password -->
<property name="keystorePass">
   <value>storepw</value>
</property>

Configuring Unencrypted Credentials

PhixFlow strongly recommends that you use the keystore to encrypt database user credentials, as described above.

However, if you must store unencrypted credentials:

  1. In  $TOMCAT/webapps/$WEBAPP/WEB-INF/classes, copy phixflow-secret-test.xml to phixflow-secret.xml.
  2. In phixflow-datasource.xml, enter the database user's:
    • username
    • and password.