Secure Credentials Vault
The secure credentials vault lets you encrypt credentials that Meridian uses. It stores credentials in the Java keystore (JKS) format. The secure credentials vault is enabled by default.
Configure secure credentials vault password
A custom secure credentials vault password is defined by the org.opennms.features.scv.jceks.key
property in ${OPENNMS_HOME}/etc/opennms.properties.d/svc.properties
.
The secure credentials vault keystore file is located in ${OPENNMS_HOME}/etc/scv.jce
.
You cannot change the secure credentials vault password once credentials have been stored.
You must delete ${OPENNMS_HOME}/etc/scv.jce and manually re-add any credentials if you want to change the password after the file has been created.
|
Store credentials
Entries in the SCV are identified by aliases. For each alias, you can store a username, a password, and a set of key-value pair attributes.
To access or add credentials, click
in the top menu bar.Access entries
Metadata expressions
You can access secure credentials vault entries from metadata using the scv
context.
Expression | Description |
---|---|
${scv:juniper-vm:username} |
Accesses the username from the |
${scv:juniper-vm:password} |
Accesses the password from the |
${scv:juniper-vm:user1} |
Accesses the |
${scv:corp-directory:domain} |
Accesses the |
Karaf commands
You can access and update SCV entries from the Karaf shell. To do so, follow the instructions below:
-
Open an SSH session:
ssh -p 8101 admin@localhost
-
Access or update secure credentials vault entries using the shell.
-
Use the following command to set credentials:
admin@opennms()> scv-set --help DESCRIPTION opennms:scv-set Sets and securely store the credentials for the given alias. SYNTAX opennms:scv-set alias username password ARGUMENTS alias Alias used to retrieve the credentials. (required) username Username to store. (required) password Password to store. (required)
-
Use the following command to access secure credentials vault entries:
admin@opennms()> scv-get --help DESCRIPTION opennms:scv-get Retrieves the username and attributes for the given alias. SYNTAX opennms:scv-get alias ARGUMENTS alias Alias used to retrieve the credentials. (required)
-