Tags: jakarta-ee, deployment, weblogic, war, ear

Weblogic: Encrypt properties


WebLogic application server 10g and above encrypts data source passwords etc. in the configuration files, which is usually fine.

For a third party library, I have to provide credentials via my application (EAR/WAR) which differ between environments.

I'm aware of the plan.xml / <env-entry/> approach but to my knowledge, this can only replace/modify the deployment descriptor with literal values, not with encrypted values - at least I have not found any example.

All in all, I want to "inject" credentials into my application, supported by the application server as much as possible and without any "self-built" solutions with an external properties file etc. (like Jasypt).

Is that somehow possible via weblogic's plan.xml approach?

Thanks!


Solution

  • We ended up with this approach:

    • Let the user create an encrypted string via WLS' Python console - the result always has a prefix of {AES} or {DES}
    • Read from the plan.xml the value literally. If it does not start with {AES} or {DES} then use it right away
    • Otherwise decrypt via this WLS internal API: https://community.oracle.com/thread/2225201?tstart=0

    I do not like using this hidden API, but at least it uses WLS' own encrypting and salting and it becomes Sysops' responsibility ;-)
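
The three steps of the answer above, sketched as an added example (not code from the original post or from Oracle). The class name, the entry name and the injected wlsDecrypt hook are assumptions; the hook stands in for the WLS call the answer links to, so the class compiles without WebLogic on the classpath.

```java
import java.util.Set;
import java.util.function.UnaryOperator;

public final class PlanCredentialResolver {
    // Prefixes named in the answer above.
    private static final Set<String> ENCRYPTED_PREFIXES = Set.of("{AES}", "{DES}");

    // Hypothetical hook: inside the server this would wrap the WLS decrypt call
    // the answer links to; it is injected so this class has no WLS dependency.
    private final UnaryOperator<String> wlsDecrypt;

    public PlanCredentialResolver(UnaryOperator<String> wlsDecrypt) { this.wlsDecrypt = wlsDecrypt; }

    public static boolean isEncrypted(String value) {
        return ENCRYPTED_PREFIXES.stream().anyMatch(value::startsWith);
    }

    /** name is used only in error messages; raw is the value read from the env-entry. */
    public char[] resolve(String name, String raw) {
        if (raw == null || raw.isBlank()) {
            throw new IllegalStateException("No value configured for " + name);
        }
        if (!isEncrypted(raw)) {
            return raw.toCharArray();          // literal value: use it right away
        }
        String clear;
        try {
            clear = wlsDecrypt.apply(raw);
        } catch (RuntimeException e) {
            // Fail closed; keep the value and the cause's message out of logs.
            throw new IllegalStateException("Cannot decrypt " + name);
        }
        // If the hook returns something still carrying the prefix, treat it as a
        // failure rather than pass ciphertext on as the password.
        if (clear == null || isEncrypted(clear)) {
            throw new IllegalStateException("Cannot decrypt " + name);
        }
        return clear.toCharArray();
    }

    public static void main(String[] args) {
        // Constructed stand-in for the server-side decryptor, for an offline run.
        UnaryOperator<String> stub = v -> "clear-" + v.substring(v.indexOf('}') + 1);
        PlanCredentialResolver r = new PlanCredentialResolver(stub);
        // Both input values below are constructed samples.
        System.out.println(new String(r.resolve("thirdparty/password", "plain-dev-pw")));
        System.out.println(new String(r.resolve("thirdparty/password", "{AES}Y29uc3RydWN0ZWQ=")));
    }
}
```

Failing closed matters here: a value that still starts with {AES} or {DES} after the decrypt step should stop the deployment, not be handed to the third-party library as its password.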