Secure Credentials Vault

The secure credentials vault lets you encrypt credentials that Meridian uses. It stores credentials in the Java keystore (JKS) format. The secure credentials vault is enabled by default.

Configure secure credentials vault password

A custom secure credentials vault password is defined by the org.opennms.features.scv.jceks.key property in ${OPENNMS_HOME}/etc/opennms.properties.d/svc.properties. The secure credentials vault keystore file is located in ${OPENNMS_HOME}/etc/scv.jce.

You cannot change the secure credentials vault password once credentials have been stored. You must delete ${OPENNMS_HOME}/etc/scv.jce and manually re-add any credentials if you want to change the password after the file has been created.

Store credentials

Entries in the SCV are identified by aliases. For each alias, you can store a username, a password, and a set of key-value pair attributes.

To access or add credentials, click Info Secure Credentials Vault in the top menu bar.

Access entries

Metadata expressions

You can access secure credentials vault entries from metadata using the scv context.

Example metadata expressions for accessing secure credentials vault entries
Expression	Description
${scv:juniper-vm:username}	Accesses the username from the `juniper-vm` alias.
${scv:juniper-vm:password}	Accesses the password from the `juniper-vm` alias.
${scv:juniper-vm:user1}	Accesses the `user1` property from the `juniper-vm` alias.
${scv:corp-directory:domain}	Accesses the `domain` property from the `corp-directory` alias.

Karaf commands

You can access and update SCV entries from the Karaf shell. To do so, follow the instructions below:

Open an SSH session:
```
ssh -p 8101 admin@localhost
```

Access or update secure credentials vault entries using the shell.

Use the following command to set credentials:

admin@opennms()> scv-set --help
DESCRIPTION
        opennms:scv-set

	Sets and securely store the credentials for the given alias.

SYNTAX
        opennms:scv-set alias username password

ARGUMENTS
        alias
                Alias used to retrieve the credentials.
                (required)
        username
                Username to store.
                (required)
        password
                Password to store.
                (required)

Use the following command to access secure credentials vault entries:

admin@opennms()> scv-get --help
DESCRIPTION
        opennms:scv-get

	Retrieves the username and attributes for the given alias.

SYNTAX
        opennms:scv-get alias

ARGUMENTS
        alias
                Alias used to retrieve the credentials.
                (required)