How to use Elytron Credential store in messaging subsystem.

Environment

• Red Hat JBoss Enterprise Application Platform (EAP)
  • 7.4

Issue

• Messaging Subsystem cluster password and Elytron Credentials Store.
• We are unable to find the documentation or see any config references to the setting the cluster password within the messaging subsystem when performing the following :

/subsustem/messaging-activemq/server=default:read-resource()

Resolution

• To use Elytron credential store here instead of specifying cluster password in clear text one can follow below steps in sequence.
• Create a keystore say keystore.jceks
• Create a credential-store using :

 /subsystem=elytron/credential-store=messaging-test:add(location="/home/path/keystore.jceks", credential-reference={clear-text=cred-store},create=true)

• Add one secret value/alias in the store :

/subsystem=elytron/credential-store=messaging-test:add-alias(alias=cluster-password,secret-value=admin)

• Now to use this alias in the messaging subsystem in cluster-password, one would need to first undefine the cluster-password because cluster-credential-reference and cluster-password cannot work together :

/subsystem=messaging-activemq/server=default:undefine-attribute(name=cluster-password)

• Start the CLI batch mode :

batch
#/subsystem=messaging-activemq/server=default:write-attribute(name=cluster-credential-reference,value={store=messaging-test, alias=cluster-password})
#run-batch

• This will add the below entry in the configuration file :

          <server name="default">
                <cluster>
                    <credential-reference store="messaging-test" alias="cluster-password"/>
                </cluster>

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.