Versions Compared

Old Version 8

changes.mady.by.user Fiona Sargeant

Saved on

compared with

New Version Current

changes.mady.by.user Fiona Sargeant

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

We strongly recommend that you use the latest version of Java.

For versions before Java 1.8.0_151, you must install the JCE Unlimited Strength Jurisdiction Policy files.

Java Keytool

WebApp configuration: phixflow-vault.xml

To ensure security for Java, use the key tool and the configuration file phixflow-vault.xml.

This means passwords for logging into PhixFlow database, which are saved in  phixflow-datasource.xml, will be encrypted.

Create a keystore using java keytool by running the command as

Code Block
keytool -importpass -alias <keyAlias> -keystore <keystoreFileName> -storetype PKCS12

Where

  • <keyAlias> specify the alias e.g. database-dev-build-user) and should be saved as it is used to fetch the secretKey
  • <keystoreFileName>: specify the file name of the key store

  • storetype must be either PKCS12 or JCEKS.

2. Run the keytool command to import username to keystore e.g.

Code Block
keytool -importpass -alias database-prod-build-user -keystore phixflowvault -storetype PKCS12

3. When the Keytool prompts you to "Enter Keystore password:" enter the master password for keystore. And re-enter the password.

4, When the keytool prompts you to "Enter the password to be stored:" enter the username for database password.

5.  Run the keytool command to import password to keystore e.g.

Code Block
keytool -importpass -alias database-prod-build-password -keystore phixflowvault -storetype PKCS12

Keytool will propmt to "Enter Keystore password:" which is the masterpassoword for keystore entered in above while importing username to keystore.

Now keytool will prompt for "Enter the passowrd to be stored:" which is the database password for user.

2.Add environment variable with value as keystore password and some variable name(This step can be skipped but then will need to mention masterkeystore password in phixflow-vault.xml see below step).

3.Edit phixflow-vault.xml

The PhixFlow webapp must be configured with phixflow-vault to use encrypted database password in phixflow-datasource.xml.

Edit phixflow-vault.xml and add values for below properties:

vaultType ( This value corresponds to the value we give while creating keystore for parameter -storetype it can be PKCS12 or JCEKS)

vaultUrl (keystore file url)

vaultKey (environment varaible name if we have setup it)

vaultPassword(In case we do not want to setup environment variable in step 2 we can directly provide the master password for keystore here)

4.Edit phixflow-datasource.xml

Make sure to have latest phixflow-datasource.xml

username: <keyAlias> value which we gave while running keytool for username we used in above steps e.g. database-prod-build-user

password: <keyAlias> value which we gave while running keytool for password we used in above stepse.g. database-prod-build-user