This project is meant to be an extra layer for "quarkus-file-vault": it encrypts the keystore secret and masks it. As output, you see all the parameters necessary for "quarkus-file-vault".
- Fork and clone https://github.com/pedro-hos/quarkus-file-vault/tree/encrypt-secret, which contains the changes. The changes are on the encrypt-secret branch.
1.1 Clone the project from my git profile:
git clone https://github.com/pedro-hos/quarkus-file-vault.git
1.2 Go to the encrypt-secret branch:
git fetch origin
git checkout -b encrypt-secret origin/encrypt-secret
Make sure that the changes are there: check that you see the class EncryptionUtil.java in your local code.
- If the changes are present locally, build the code:
mvn clean install -Dinsecure.repositories=WARN -DskipTests
You should see the success message:
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Quarkus - File Vault - Parent 999-SNAPSHOT:
[INFO]
[INFO] Quarkus - File Vault - Parent ...................... SUCCESS [ 0.922 s]
[INFO] Quarkus - File Vault - Runtime ..................... SUCCESS [ 3.304 s]
[INFO] Quarkus - File Vault - Deployment .................. SUCCESS [ 0.519 s]
[INFO] Quarkus - File Vault - Integration Tests ........... SUCCESS [ 3.404 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 8.291 s
[INFO] Finished at: 2022-06-14T14:22:42-03:00
[INFO] ------------------------------------------------------------------------
- Fork and clone the Vault Utils project at https://github.com/pedro-hos/vault-utils:
git clone https://github.com/pedro-hos/vault-utils
- Package the project:
mvn clean install
- Encrypt the secret. You can run with the --help parameter to see the options:
$ java -jar target/quarkus-app/quarkus-run.jar --help
Usage: Encrypt Secret Util [-hV] -e=<encryptionKey> [-i=<iterationCount>]
-p=<keystorePassword> [-s=<salt>]
-e, --encryption-key=<encryptionKey>
(mandatory) Encryption Key
-h, --help Show this help message and exit.
-i, --iteration=<iterationCount>
(optional) Iteration count
-p, --keystore-password=<keystorePassword>
(mandatory) Keystore password
-s, --salt=<salt> (optional) 8 character salt
-V, --version Print version information and exit.
The only mandatory parameters are -p, --keystore-password and -e, --encryption-key; the others are optional.
The -p, --keystore-password value is the keytool secret value.
The -e, --encryption-key=<encryptionKey> value is a random string used to encrypt and decrypt.
For example, you can create the mask with:
$ java -jar target/quarkus-app/quarkus-run.jar -e somearbitrarycrazystringthatdoesnotmatter -p storedpass
You should see something like this in the output:
######################################################################################################
Please add the following paramenters on your application.properties file, and replace the <name> value!
The <name> will be used in the consumer to refer to this provider.
quarkus.file.vault.provider.<name>.encryption-key=somearbitrarycrazystringthatdoesnotmatter
quarkus.file.vault.provider.<name>.secret=RM6AXLntKXlsmZQfkvu6ag==
######################################################################################################
Save this for the next step.
You need to have the https://github.com/kiegroup/process-migration-service project and build it.
- Comment out the dependency at https://github.com/kiegroup/process-migration-service/blob/7c4d11671dcada707a69d3b2072cec539386b70a/pom.xml#L134
- Change the https://github.com/kiegroup/process-migration-service/blob/7c4d11671dcada707a69d3b2072cec539386b70a/pom.xml#L225 dependency to the following value:
<dependency>
  <groupId>io.quarkiverse.file-vault</groupId>
  <artifactId>quarkus-file-vault</artifactId>
  <version>0.4.0</version>
  <scope>system</scope>
  <systemPath>/runtime/target/quarkus-file-vault-999-SNAPSHOT.jar</systemPath>
</dependency>
Replace <systemPath>/runtime/target/quarkus-file-vault-999-SNAPSHOT.jar</systemPath> with the full path to the quarkus-file-vault runtime jar file. We built the project at the Build the Quarkus File Vault step.
- Edit the application.yaml with the masked secret and the encryption-key. The values are the same as the output from the step Using the Vault Utils:
quarkus:
  file:
    vault:
      provider:
        pim:
          path: pimvault.p12
          secret: RM6AXLntKXlsmZQfkvu6ag==
          encryption-key: somearbitrarycrazystringthatdoesnotmatter
You can also change the salt and the iteration count values; the defaults are salt=1234abcd and iteration count=65536. Just run the vault-utils project with:
$ java -jar target/quarkus-app/quarkus-run.jar -e somearbitrarycrazystringthatdoesnotmatter -p storedpass -s q1w2e3r4 -i 76647
######################################################################################################
Please add the following paramenters on your application.properties file, and replace the <name> value!
The <name> will be used in the consumer to refer to this provider.
quarkus.file.vault.provider.<name>.salt=q1w2e3r4
quarkus.file.vault.provider.<name>.encryption-key=somearbitrarycrazystringthatdoesnotmatter
quarkus.file.vault.provider.<name>.iteration-count=76647
quarkus.file.vault.provider.<name>.secret=RUDJ9DviTm+w6tV0vN51CQ==
######################################################################################################
and add the following to the application.yaml file:
quarkus:
  file:
    vault:
      provider:
        pim:
          path: pimvault.p12
          secret: RUDJ9DviTm+w6tV0vN51CQ==
          encryption-key: somearbitrarycrazystringthatdoesnotmatter
          iteration-count: 76647
          salt: q1w2e3r4
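
The copy step described above, from the properties printed by the tool to the application.yaml fragment, as an added example (not part of vault-utils or quarkus-file-vault): it parses the printed block, checks the 8 character salt, the iteration count and the secret, and renders the YAML for one provider. The function names, the double-quoting of string values and the Base64 check (inferred from the outputs shown above) are assumptions of this example.

```python
import base64
import binascii
import json
import re

# Constructed sample: the property lines printed by the second vault-utils run above.
SAMPLE_OUTPUT = """\
quarkus.file.vault.provider.<name>.salt=q1w2e3r4
quarkus.file.vault.provider.<name>.encryption-key=somearbitrarycrazystringthatdoesnotmatter
quarkus.file.vault.provider.<name>.iteration-count=76647
quarkus.file.vault.provider.<name>.secret=RUDJ9DviTm+w6tV0vN51CQ==
"""
# Matches both the literal <name> placeholder and an already replaced provider name.
PROP = re.compile(r"^quarkus\.file\.vault\.provider\.[^.]+\.([a-z-]+)=(.*)$")

def parse_vault_utils_output(text):
    """Collect the provider settings from the block the tool prints."""
    found = (PROP.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def validate(settings):
    """Return a list of problems; an empty list means the values are usable."""
    problems = [f"missing {k}" for k in ("encryption-key", "secret") if not settings.get(k)]
    if settings.get("secret"):
        try:
            base64.b64decode(settings["secret"], validate=True)
        except binascii.Error:
            problems.append("secret is not valid Base64")
    if "salt" in settings and len(settings["salt"]) != 8:
        problems.append("salt must be 8 characters")
    if "iteration-count" in settings and not re.fullmatch(r"[1-9][0-9]*", settings["iteration-count"]):
        problems.append("iteration-count must be a positive integer")
    return problems

def to_yaml(settings, provider, path):
    """Render the application.yaml fragment for one provider, refusing bad input."""
    problems = validate(settings)
    if problems:
        raise ValueError("; ".join(problems))
    out = ["quarkus:", "  file:", "    vault:", "      provider:", f"        {provider}:"]
    out.append(f"          path: {json.dumps(path)}")
    for key in ("secret", "encryption-key", "iteration-count", "salt"):
        if key in settings:
            # Strings are double-quoted so a value with ':' or '#', or an all-digit salt, stays a string.
            out.append(f"          {key}: {settings[key] if key == 'iteration-count' else json.dumps(settings[key])}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(to_yaml(parse_vault_utils_output(SAMPLE_OUTPUT), "pim", "pimvault.p12"))
```

The rendered fragment keeps the masked secret and the encryption-key in the same file, as the application.yaml above does, so read access to that file should stay restricted.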