Secure Credentials Vault

The secure credentials vault lets you encrypt credentials that Meridian uses. It stores credentials in the Java keystore (JKS) format. The secure credentials vault is enabled by default.

Configure secure credentials vault password

A custom secure credentials vault password is defined by the org.opennms.features.scv.jceks.key property in ${OPENNMS_HOME}/etc/opennms.properties.d/svc.properties. The secure credentials vault keystore file is located in ${OPENNMS_HOME}/etc/scv.jce.

You cannot change the secure credentials vault password once credentials have been stored. You must delete ${OPENNMS_HOME}/etc/scv.jce and manually re-add any credentials if you want to change the password after the file has been created.

Store credentials

Entries in the SCV are identified by aliases. For each alias, you can store a username, a password, and a set of key-value pair attributes.

To access or add credentials, click Info  Secure Credentials Vault in the top menu bar.

Access entries

Metadata expressions

You can access secure credentials vault entries from metadata using the scv context.

Example metadata expressions for accessing secure credentials vault entries
Expression Description

${scv:juniper-vm:username}

Accesses the username from the juniper-vm alias.

${scv:juniper-vm:password}

Accesses the password from the juniper-vm alias.

${scv:juniper-vm:user1}

Accesses the user1 property from the juniper-vm alias.

${scv:corp-directory:domain}

Accesses the domain property from the corp-directory alias.

Karaf commands

You can access and update SCV entries from the Karaf shell. To do so, follow the instructions below:

  1. Open an SSH session:

    ssh -p 8101 admin@localhost
  2. Access or update secure credentials vault entries using the shell.

    • Use the following command to set credentials:

      admin@opennms()> scv-set --help
      DESCRIPTION
              opennms:scv-set
      
      	Sets and securely store the credentials for the given alias.
      
      SYNTAX
              opennms:scv-set alias username password
      
      ARGUMENTS
              alias
                      Alias used to retrieve the credentials.
                      (required)
              username
                      Username to store.
                      (required)
              password
                      Password to store.
                      (required)
    • Use the following command to access secure credentials vault entries:

      admin@opennms()> scv-get --help
      DESCRIPTION
              opennms:scv-get
      
      	Retrieves the username and attributes for the given alias.
      
      SYNTAX
              opennms:scv-get alias
      
      ARGUMENTS
              alias
                      Alias used to retrieve the credentials.
                      (required)