@chenrui333
Last active May 12, 2016 19:23

The script is used for encrypting the datasource passwords on JBoss servers (ref).

The flow is as follows:

  1. Encrypt the plaintext passwords.
  2. Change the *-ds.xml files, like:

```xml
<!-- REPLACED WITH security-domain BELOW
<user-name>admin</user-name>
<password>password</password>
-->
<security-domain>EncryptDBPassword</security-domain>
```

  3. Change the login-config.xml:

a. If local-tx-datasource, then add a policy entry:

```xml
<policy>
    <!-- Example usage of the SecureIdentityLoginModule -->
    <application-policy name="EncryptDBPassword">
        <authentication>
            <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
                <module-option name="username">admin</module-option>
                <module-option name="password">5dfc52b51bd35553df8592078de921bc</module-option>
                <module-option name="managedConnectionFactoryName">jboss.jca:name=PostgresDS,service=LocalTxCM</module-option>
            </login-module>
        </authentication>
    </application-policy>
</policy>
```

b. If xa-datasource, then the module-option name="managedConnectionFactoryName" should be:

```xml
<module-option name="managedConnectionFactoryName">jboss.jca:name=PostgresDS,service=XATxCM</module-option>
```
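
```bash
#!/usr/bin/env bash
# The array syntax below needs bash, not plain sh.
# Each command-line argument is a plaintext password to encrypt.
# Note: arguments are visible in shell history and the process list.
pws=("$@")
# Check that JBOSS_HOME is set
[ -z "$JBOSS_HOME" ] && echo "Need to set JBOSS_HOME" && exit 1
# Encrypt the passwords
for arg in "${pws[@]}"; do
  echo "*******************"
  echo "Encrypting $arg..."
  java -cp "$JBOSS_HOME/client/jboss-logging.jar:$JBOSS_HOME/lib/jbosssx.jar" \
    org.jboss.resource.security.SecureIdentityLoginModule "$arg"
done
```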
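
An added example, not part of the original gist: a Python check that steps 2 and 3 were applied consistently, flagging any datasource that still has an active `<password>` element, references a missing policy, or pairs the wrong service with its datasource type. The sample XML is constructed, and `jndi-name` is used here only to label findings.

```python
import xml.etree.ElementTree as ET

# Expected JCA service per datasource type (steps a and b above).
EXPECTED_SERVICE = {"local-tx-datasource": "LocalTxCM", "xa-datasource": "XATxCM"}

# Constructed sample inputs (not taken from a real server).
LOGIN_CONFIG = """<policy><application-policy name="EncryptDBPassword"><authentication>
<login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
<module-option name="managedConnectionFactoryName">jboss.jca:name=PostgresDS,service=LocalTxCM</module-option>
</login-module></authentication></application-policy></policy>"""
DS_OK = """<datasources><local-tx-datasource><jndi-name>PostgresDS</jndi-name>
<!-- <user-name>admin</user-name> <password>password</password> -->
<security-domain>EncryptDBPassword</security-domain></local-tx-datasource></datasources>"""
DS_BAD = """<datasources><xa-datasource><jndi-name>OtherDS</jndi-name>
<user-name>admin</user-name><password>password</password>
<security-domain>EncryptDBPassword</security-domain></xa-datasource></datasources>"""

def load_policies(login_config_xml):
    """Map application-policy name -> managedConnectionFactoryName (or None)."""
    policies = {}
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        mcf = None
        for opt in policy.iter("module-option"):
            if opt.get("name") == "managedConnectionFactoryName":
                mcf = (opt.text or "").strip()
        policies[policy.get("name")] = mcf
    return policies

def audit_datasources(ds_xml, login_config_xml):
    """Return a list of findings for one *-ds.xml document."""
    findings = []
    policies = load_policies(login_config_xml)
    root = ET.fromstring(ds_xml)  # commented-out XML is dropped by the parser
    for kind, service in EXPECTED_SERVICE.items():
        for ds in root.iter(kind):
            name = (ds.findtext("jndi-name") or "?").strip()
            if ds.find("password") is not None:
                findings.append(f"{name}: cleartext <password> still active")
            domain = (ds.findtext("security-domain") or "").strip()
            if not domain:
                findings.append(f"{name}: no <security-domain>")
            elif domain not in policies:
                findings.append(f"{name}: policy '{domain}' not in login-config.xml")
            elif not (policies[domain] or "").endswith(f"service={service}"):
                findings.append(f"{name}: {kind} needs service={service}")
    return findings

if __name__ == "__main__":
    print(audit_datasources(DS_OK, LOGIN_CONFIG), audit_datasources(DS_BAD, LOGIN_CONFIG))
```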