I need to store an LDAP username and password in WildFly. I did it as follows, but my manager said the way I did it is not safe:
String ldapCredentials = System.getProperty("ldap.user");
byte[] credDecoded = Base64.getDecoder().decode(ldapCredentials == null ? "" : ldapCredentials);
String credentials = new String(credDecoded, StandardCharsets.UTF_8);
String[] ldapDecoded = credentials.split(",");
ldapSearchUser = ldapDecoded[0];
ldapSearchPassword = ldapDecoded[1];
In the standalone:
<system-properties>
    <property name="ldap.user" value="randomvaluebase64"/>
</system-properties>
He told me I need to use the default security of WildFly. I found a lot of things about it, but I wasn't able to find how to fetch it in Java then. Any idea?
The original answer I provided only applies to WildFly 23 or newer. I'll leave it below the correct answer for reference.
You'll want to use a credential store, which encrypts the contents with a Java KeyStore. The linked documentation goes into details, but this example class shows how you can retrieve the contents of the credential store.
To secure the credential store password itself, you have a few options:
PBEwithMD5andDES) is now brute-forceable, so I don't recommend it, and won't include instructions on how to do so.
If you're able to upgrade to WildFly 23 or newer, you'll have access to a more secure option, as defined below.
As for adding the LDAP credentials (and securing the password for the credential store itself), this blog post explains how to use them with encrypted expressions. This allows you to store an encrypted copy of the credential store's password in the server configuration.
Note: although it may seem like you can use an encrypted expression directly to store the LDAP credentials, it will not be resolved in a non-secure context, and likely won't work in the Java class.
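As an added illustration of the credential store lookup the answer describes (this is not the example class the answer links to, and not WildFly's own code), the class below opens an existing KeyStore-backed store read-only through the WildFly Elytron API and reads two entries. It assumes Elytron is on the classpath; the class name, the store path, the aliases `ldap-user` and `ldap-password`, and the `CS_PASSWORD` environment variable that supplies the store password are all hypothetical.

```java
import java.security.Provider;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStore.CredentialSourceProtectionParameter;
import org.wildfly.security.credential.store.WildFlyElytronCredentialStoreProvider;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.ClearPassword;

public class LdapCredentialLookup {  // hypothetical class name
    private static final Provider[] PROVIDERS = {
        new WildFlyElytronCredentialStoreProvider(), new WildFlyElytronPasswordProvider() };

    /** Opens an existing credential store without allowing creation or modification. */
    static CredentialStore open(String location, char[] storePassword) throws Exception {
        Password pw = ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, storePassword);
        CredentialSourceProtectionParameter protection = new CredentialSourceProtectionParameter(
            IdentityCredentials.NONE.withCredential(new PasswordCredential(pw)));
        Map<String, String> config = new HashMap<>();
        config.put("location", location);
        config.put("create", "false");      // fail instead of silently creating an empty store
        config.put("modifiable", "false");  // the application only reads
        CredentialStore store = CredentialStore.getInstance("KeyStoreCredentialStore", PROVIDERS[0]);
        store.initialize(config, protection, PROVIDERS);
        return store;
    }

    /** Returns the clear-text secret stored under the alias, or fails loudly if it is missing. */
    static char[] secret(CredentialStore store, String alias) throws Exception {
        PasswordCredential cred = store.retrieve(alias, PasswordCredential.class);
        if (cred == null) throw new IllegalStateException("alias not found: " + alias);
        Password p = cred.getPassword();
        if (!(p instanceof ClearPassword)) throw new IllegalStateException("not a clear password: " + alias);
        return ((ClearPassword) p).getPassword();
    }

    public static void main(String[] args) throws Exception {
        String env = System.getenv("CS_PASSWORD");            // assumption: store password source
        if (env == null) throw new IllegalStateException("CS_PASSWORD is not set");
        char[] storePassword = env.toCharArray();
        CredentialStore store = open("/path/to/ldap.cs", storePassword);  // placeholder path
        Arrays.fill(storePassword, '\0');
        String ldapSearchUser = new String(secret(store, "ldap-user"));    // hypothetical alias
        char[] ldapSearchPassword = secret(store, "ldap-password");        // hypothetical alias
        System.out.println("Loaded LDAP bind credentials for " + ldapSearchUser);
        Arrays.fill(ldapSearchPassword, '\0');  // wipe once the LDAP bind is done
    }
}
```

Unlike the Base64 value in `<system-properties>`, the entries read here are encrypted at rest in the store file; what remains to protect is the store password, which is the point of the options discussed above.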