Overview
To keep the database username and password secure, PhixFlow is configured to use a keystore file. The database account credentials are encrypted and stored here, along with aliases. You can then use the aliases to retrieve each secret username and password from the keystore.
To configure the keystore, you will use the Java keytool -importpass command at the command line.
Keytool Syntax
For reference, here is the full syntax and the values you will need to use. The steps below provide example commands.
| Code Block |
|---|
<keytool> -importpass -alias <keyAlias> -keystore <pathToKeystoreFile> -storetype <keytype> |
...
| Where: | Is | |
|---|---|---|
| Windows command prompt | |
| Windows PowerShell | | |
| Linux | | |
| The alias for a username or password. The phixflow-secret.xml configuration file refers to the <keyAlias> so that PhixFlow knows which encrypted secret to retrieve from the keystore. After you enter an alias, the keytool The keytool prompts you to enter the corresponding username or password. This is the actual value that the database requires to permit access. | |
| <pathToKeystoreFile> | The full path to the keystore file, for example:
| |
| <keytype> | either PKCS12 or JCEKS. | |
| Tip |
|---|
The command's prompts are not very clear. It sometimes asks keytool does not differentiate between the secrets it stores. It always prompts for a password when , but you may need to enter a username. The following instructions state what information you need to enter. |
How to Set up a Keystore
Step 1 Create the keystore and the alias for the database username
1.1 Run the -importpass command. In <keyAlias> specify the alias username for the PhixFlow database username (pbdev phixflow-database-user in the following examples).
...
| Code Block |
|---|
"%JAVA_HOME%\bin\keytool" -importpass -alias pbdevphixflow-database-user -keystore C:\secure\hidden.jks -storetype PKCS12 |
...
1.2 When prompted, enter a password for the keystore file, then re-enter to confirm it.
1.3 When prompted, enter the actual username for the PhixFlow database.
...
2.1. Repeat the -importpass command. In <keyAlias> specify the alias password for the PhixFlow database password. (123xyz in the following examples).
...
2.3 When prompted enter the actual password for the PhixFlow database.
...
| Details used in the diagram | ||
|---|---|---|
| Keystore file name | hidden.jks | |
| Keystore password | storepw | |
| Environment variable name | KEY_PASS | |
| Environment variable value (the keystore password) | storepw | |
| PhixFlow database credentials | Username | Password |
| Actual |
| P*59word |
| Alias |
| 123xyz |