Secure Credentials Vault

Secure Credentials Vault (SCV) lets you encrypt credentials the Horizon system uses. SCV uses a Java KeyStore (JKS) to store credentials in JKS format. SCV is enabled by default on Horizon.

Configuring SCV password

A custom SCV password can be defined with the org.opennms.features.scv.jceks.key system property in the ${OPENNMS_HOME}/etc/opennms.properties.d/svc.properties file. The SCV keystore file is stored at ${OPENNMS_HOME}/etc/scv.jce.

The SCV password cannot be changed once it has credentials stored. The keystore file must be deleted and credentials re-added if you want to change the password from the default after the file has been created.

Storing credentials in SCV

SCV entries are identified by an alias. For each alias, you can store username, password, and a set of key-value pair attributes. To access or add credentials, navigate to UI Preview  Secure Credentials Vault.

Accessing SCV entries

Access SCV entries from metadata with context scv.

${scv:juniper-vm:username}

This metadata expression can access the username from the juniper-vm alias.

${scv:juniper-vm:password}

This metadata expression can access the password from the juniper-vm alias.

${scv:juniper-vm:user1}

This metadata expression can access the user1 property from the juniper-vm alias.

${scv:corp-directory:domain}

This metadata expression can access the domain property from the corp-directory alias.

Karaf commands

You can update and access SCV entries from the Karaf shell.

ssh -p 8101 admin@localhost

Once in the shell, you can set credentials from the scv-set command as follows:

Set SCV entries
admin@opennms()> scv-set --help
DESCRIPTION
        opennms:scv-set

	Sets and securely store the credentials for the given alias.

SYNTAX
        opennms:scv-set alias username password

ARGUMENTS
        alias
                Alias used to retrieve the credentials.
                (required)
        username
                Username to store.
                (required)
        password
                Password to store.
                (required)

You can also access SCV entries from the scv-get command as follows:

Get SCV entries
admin@opennms()> scv-get --help
DESCRIPTION
        opennms:scv-get

	Retrieves the username and attributes for the given alias.

SYNTAX
        opennms:scv-get alias

ARGUMENTS
        alias
                Alias used to retrieve the credentials.
                (required)