Secure Credentials Vault

The secure credentials vault lets you encrypt credentials that Meridian uses. It stores them in the Java keystore (JKS) format.

The secure credentials vault is enabled by default.

Configure password

You can configure a custom password for the secure credentials vault by editing org.opennms.features.scv.jceks.key in ${OPENNMS_HOME}/etc/opennms.properties.d/svc.properties.

You cannot change the secure credentials vault password after credentials have been stored. You must delete ${OPENNMS_HOME}/etc/scv.jce and manually re-add any credentials if you want to change the password after the file has been created.

The secure credentials vault keystore file is located in ${OPENNMS_HOME}/etc/scv.jce.

Store credentials

Entries in the SCV are identified by aliases. For each alias, you can store a username, a password, and a set of key-value pair attributes.

To access or add credentials, click Info Secure Credentials Vault in the top menu bar.

Access entries

Metadata expressions

You can access entries in the secure credentials vault from metadata using the scv context.

Example metadata expressions
Expression	Description
${scv:juniper-vm:username}	Accesses the username from the `juniper-vm` alias.
${scv:juniper-vm:password}	Accesses the password from the `juniper-vm` alias.
${scv:juniper-vm:user1}	Accesses the `user1` property from the `juniper-vm` alias.
${scv:corp-directory:domain}	Accesses the `domain` property from the `corp-directory` alias.

Karaf commands

You can access and update entries in the secure credentials vault from the Karaf shell. To do so, follow these steps:

Open an SSH session:
```
ssh -p 8101 admin@localhost
```

Access or update secure credentials vault entries using the shell.

Set credentials:

admin@opennms()> scv-set --help
DESCRIPTION
        opennms:scv-set

	Sets and securely store the credentials for the given alias.

SYNTAX
        opennms:scv-set alias username password

ARGUMENTS
        alias
                Alias used to retrieve the credentials.
                (required)
        username
                Username to store.
                (required)
        password
                Password to store.
                (required)

Access secure credentials vault entries:

admin@opennms()> scv-get --help
DESCRIPTION
        opennms:scv-get

	Retrieves the username and attributes for the given alias.

SYNTAX
        opennms:scv-get alias

ARGUMENTS
        alias
                Alias used to retrieve the credentials.
                (required)