Friday, July 29, 2016

Secure vault support in WSO2 ESB inbound parameters



In ESB 5.0.0, the wso2:vault-lookup('alias') expression can be used in all inbound endpoint parameters. The vault-lookup() expression can also be used in the text of a registry resource, and that resource can then be set as the parameter value.

The parameter value needs to be encrypted and stored under an alias; the actual value is then retrieved in your ESB inbound configuration as shown below.

Before adding an alias, you need to run the cipher tool in ESB. Go to the bin directory and issue
"sh ciphertool.sh -Dconfigure"
Then go to the management console, click on "Manage Password" and create the aliases my.username and my.password. Here you can store the encrypted value for each given value.

Add a registry resource (conf:/userInfo/password) that contains {wso2:vault-lookup('my.password')} as its text content.

Then you can use the alias in your inbound parameters with the lookup function.
 Ex: wso2:vault-lookup('my.password')


<inboundEndpoint xmlns="http://ws.apache.org/ns/synapse"  
          name="activemq"  
          sequence="seq1"  
          onError="fault"  
          protocol="jms"  
          suspend="false">  
   <parameters>  
    <parameter name="interval">10</parameter>  
    <parameter name="sequential">true</parameter>  
    <parameter name="coordination">true</parameter>  
    <parameter name="java.naming.factory.initial">org.apache.activemq.jndi.ActiveMQInitialContextFactory</parameter>  
    <parameter name="java.naming.provider.url">tcp://localhost:61616</parameter>  
    <parameter name="transport.jms.ConnectionFactoryJNDIName">QueueConnectionFactory</parameter>  
    <parameter name="transport.jms.ConnectionFactoryType">queue</parameter>  
    <parameter name="transport.jms.Destination">order</parameter>  
    <parameter name="transport.jms.SessionTransacted">false</parameter>  
    <parameter name="transport.jms.SessionAcknowledgement">AUTO_ACKNOWLEDGE</parameter>  
    <parameter name="transport.jms.CacheLevel">3</parameter>  
    <parameter name="transport.jms.UserName">{wso2:vault-lookup('my.username')}</parameter>  
    <parameter name="transport.jms.Password" key="conf:/userInfo/password"/>  
    <parameter name="transport.jms.SubscriptionDurable">false</parameter>  
    <parameter name="transport.jms.SharedSubscription">false</parameter>  
   </parameters>  
 </inboundEndpoint>  
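
A pre-deployment check for the configuration above, added here as an example and not part of the original post or of WSO2's tooling: it reports, for each credential parameter of an inbound endpoint, whether the value comes from a vault-lookup expression, from a registry resource, or is still in plaintext. The function names, the rule that parameter names ending in username, password or secret are credentials, and the sample XML are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"syn": "http://ws.apache.org/ns/synapse"}
# Assumption of this example: names ending in these words hold credentials.
SENSITIVE = re.compile(r"(username|password|secret)$", re.IGNORECASE)
VAULT_EXPR = re.compile(r"^\{wso2:vault-lookup\('([^']+)'\)\}$")


def classify(value):
    """Return 'vault:<alias>' for a lookup expression, else 'PLAINTEXT'."""
    m = VAULT_EXPR.match(value.strip())
    return "vault:" + m.group(1) if m else "PLAINTEXT"


def audit_inbound(xml_text, registry=None):
    """Map each credential parameter to how its value is supplied.

    registry: optional dict of registry key -> resource text, so that a
    key="..." parameter can be followed to the resource it points at.
    """
    registry = registry or {}
    result = {}
    for param in ET.fromstring(xml_text).iterfind(".//syn:parameter", NS):
        name = param.get("name", "")
        if not SENSITIVE.search(name):
            continue
        key = param.get("key")
        if key is None:
            result[name] = classify(param.text or "")
        elif key in registry:
            result[name] = classify(registry[key])
        else:
            result[name] = "UNRESOLVED:" + key
    return result


# Constructed sample: the user name uses a lookup, the password is in the clear.
SAMPLE = """<inboundEndpoint xmlns="http://ws.apache.org/ns/synapse"
        name="activemq" sequence="seq1" onError="fault" protocol="jms">
  <parameters>
    <parameter name="transport.jms.Destination">order</parameter>
    <parameter name="transport.jms.UserName">{wso2:vault-lookup('my.username')}</parameter>
    <parameter name="transport.jms.Password">example-plaintext</parameter>
  </parameters>
</inboundEndpoint>"""

if __name__ == "__main__":
    for name, finding in audit_inbound(SAMPLE).items():
        print(name, "->", finding)
```

Passing the registry resource text in the `registry` dict lets the check follow a `key="conf:/userInfo/password"` parameter and confirm that the resource itself holds a lookup expression rather than the password.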

