Credential Vault Service


Credential Vault Service properties

Use the portal Credential Vault Service (WP CredentialVaultService) to configure Vault Adapter implementations.

Properties include:

    systemcred.dn
    Distinguished name (DN) of the vault administrative user. All system credentials are stored under the user's account. This property is set to the portal administrative user by default.

    export.userDN
    User DN value of the XML Access user allowed to import/export secrets via the XML Configuration interface. This is usually the same user DN string as defined in the same configuration file under the property systemcred.dn. This user needs authority to use the XML Configuration interface and has to be used during the import/export. Otherwise an import/export of credential secrets is not possible.

    export.cipher
    The cipher used during export for encryption. This cipher has to be available via Java JCE in the WebSphere Portal system. The default value is AES.

    export.keyLength
    Number of bits used as key length for the cipher. The default value is 128.

    export.enforceSSL
    If true, credential import and export must be done over a secured HTTP connection. If false, credentials can be imported and exported over an unsecured HTTP connection. The default is true.


Vault Adapter specific properties

By default, two Vault Adapter implementations are available:

  • default-release
  • default-customization

Those Vault Adapters store credential secrets in the portal server data store. For each implementation, define a unique string type, a class name, and a domain. Optionally, we can specify a configuration file, managing resources, and a read only flag.

Define the following properties for each Vault Adapter Implementation Type. To be able to differentiate the properties for each type, the properties are in the format...

    vault.type.key

Replace type by the Vault Adapter Implementation Type, and replace key by the key. The following list shows the properties we can append:

    class
    Vault Adapter Implementation Class Name, but without the .class extension. This property is mandatory.

    config
    Path of a configuration file the adapter may need. Optional.

    domain = (rel)
    Database domain where the segment and slot configuration data is stored. In the special case of the DefaultVault, this also specifies where the actual credentials are stored. This property is mandatory. Possible values are all available database domains as specified in the Data Store Service. The default value is rel; this specifies the release domain.

    manageresources = (false)
    Whether the Vault Adapter should create and delete resources. Optional. If true, the adapter must have internal support to manage resources. If we omit this property, it will default to false.

    readonly = (true)
    Whether the underlying vault for this adapter should be considered read only. Optional. If true, the manageresources property is ignored. If we omit this property, it will default to true.
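
The following is an added example, not part of the product or its documentation: a small Python audit that reads the service properties as plain key=value text and reports settings that weaken or contradict the rules described above. The DNs, the class name, the "custom" adapter type, and the policy of treating 128 bits as a floor and a differing export.userDN as a review item are assumptions made for illustration.

```python
# Added example: audit Credential Vault Service properties against the rules on this page.
# Constructed sample; DNs, class name and the "custom" type are placeholders.
SAMPLE = """\
systemcred.dn=uid=wpsadmin,o=example
export.userDN=uid=xmlexport,o=example
export.keyLength=64
export.enforceSSL=false
vault.default-release.class=com.example.DefaultVaultAdapter
vault.default-release.domain=rel
vault.custom.manageresources=true
"""

def parse_properties(text):
    """Parse simple key=value lines; the value may itself contain '=' (DNs do)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return (property, message) findings; omitted keys take the documented defaults."""
    props = parse_properties(text)
    out = []
    if props.get("export.enforceSSL", "true").lower() != "true":
        out.append(("export.enforceSSL", "secrets may travel over unsecured HTTP"))
    bits = props.get("export.keyLength", "128")
    if not bits.isdigit() or int(bits) < 128:  # assumption: the default is the floor
        out.append(("export.keyLength", "below the documented default of 128 bits"))
    sysdn, expdn = props.get("systemcred.dn"), props.get("export.userDN")
    if sysdn and expdn and sysdn != expdn:  # assumption: a second export account needs review
        out.append(("export.userDN", "differs from systemcred.dn; review this account"))
    types = {}
    for key, value in props.items():
        if key.startswith("vault.") and key.count(".") >= 2:
            vtype, _, name = key[len("vault."):].rpartition(".")
            types.setdefault(vtype, {})[name] = value
    for vtype in sorted(types):
        cfg = types[vtype]
        for name in ("class", "domain"):  # both documented as mandatory
            if not cfg.get(name):
                out.append((f"vault.{vtype}.{name}", "mandatory property missing"))
        if cfg.get("manageresources", "false").lower() == "true" and cfg.get("readonly", "true").lower() == "true":
            out.append((f"vault.{vtype}.manageresources", "ignored while readonly is true"))
    return out
```

Calling audit(SAMPLE) returns six findings; note that vault.custom.manageresources is reported because readonly defaults to true when omitted, which silently overrides it.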

