Password Aliases Overview

By default, passwords within Payara Server are treated like any other property and are stored in plaintext. Passwords stored in plaintext are a security risk, as you can directly read them, unencrypted and unobstructed.

A password alias allows you to have a plaintext reference to an encrypted password stored on the server, with the alias being used wherever the password is needed.

Using a password alias within the Admin Console

To use a password alias, navigate to any configuration view where you would have previously entered a password in plaintext format:

Password in plain text

In place of the password, you can enter an alias which corresponds to the password in the form: ${ALIAS=<password-alias-name>}:

Placeholder for Password Alias

To create a password alias from the admin console, read the instructions detailed here.

Using a password alias on the command line

On the command line, when using asadmin commands where you would previously have entered a password, you can instead enter the password placeholder ${ALIAS=<example-alias-name>} to avoid having passwords stored in the configuration in plain text.

Here is an example of setting the user’s password for a JDBC connection pool:

asadmin> create-jdbc-connection-pool [...] --property password=${ALIAS=<example-alias-name} [...]

To create a password alias from command line, read the instructions detailed here.

MicroProfile Config support

Password aliases can also be accessed using MicroProfile Config, as detailed here.

results matching ""

    No results matching ""