Follow the steps below to change the default password of the admin user of WSO2 BAM and to secure it using Secure Vault.
By default, standalone WSO2 BAM runs with embedded Cassandra, which uses WSO2 authentication to authenticate and authorize users. The default admin user credentials are configured in the datasources (WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE, WSO2BAM_CASSANDRA_DATASOURCE, WSO2BAM_UTIL_DATASOURCE, WSO2BAM_HIVE_INCREMENTAL_DATASOURCE) of the <BAM_HOME>/repository/conf/bam-datasources.xml file, and in the hive-site.xml file. However, you can change this default admin user to a Cassandra user who can connect to Cassandra as follows.
- If you configure WSO2 BAM with an external Cassandra cluster (e.g. Apache Cassandra, DSE Cassandra): Replace the admin user credentials with user credentials to connect to an external Cassandra cluster.
- If you use WSO2 BAM with the embedded Cassandra: Create a new user for Cassandra by assigning only Cassandra keyspace related permissions.
<AdminUser> section in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file accordingly as follows, if you want to change the password of the admin user.
To secure passwords using Secure Vault (i.e. by running ciphertool.sh), change the password values of the following configurations in the <PRODUCT_HOME>/repository/conf/security/cipher-text.properties file accordingly as follows.
<password> property of the below datasources in the <BAM_HOME>/repository/conf/datasources/bam-datasources.xml file by providing the password in plain text.
Skip this step if you are securing passwords using secure vault (i.e. by running
To secure passwords using Secure Vault, add the following new configurations to the <BAM_HOME>/repository/conf/security/cipher-text.properties file and change the value of the admin password accordingly.
Use the following configurations only to secure the admin user passwords. You can also secure other passwords using Secure Vault.
Add the following configurations to the
Execute the following command to run the <BAM_HOME>/bin/ciphertool.sh Cipher Tool script with the -Dconfigure option. Provide the primary keystore password of the Carbon Server when prompted:
sh ciphertool.sh -Dconfigure
Enter the new admin password in the following configurations of the
By default, Secure Vault doesn't support passwords configured in the <BAM_HOME>/repository/conf/advanced/hive-site.xml file. However, you require this step only if you are using incremental data processing.
After changing the password of the admin user, reconfigure all the data publishing agents (e.g. the mediation stat agent and service stat agent) in your setup to use the changed password.
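A post-change check for the four datasources named above, added here as an example and not taken from the WSO2 documentation: it reports whether each datasource's password element still holds the default value, a plain-text value, or a Secure Vault alias. The XML layout, the `svns:secretAlias` attribute, the default password value `admin`, and the sample file contents are assumptions; `audit_datasources` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Namespace of the Secure Vault secretAlias attribute (assumed file layout).
SVNS = "http://org.wso2.securevault/configuration"
# The four datasource names listed on this page.
BAM_DATASOURCES = {
    "WSO2BAM_CASSANDRA_EVENT_INDEX_SOURCE", "WSO2BAM_CASSANDRA_DATASOURCE",
    "WSO2BAM_UTIL_DATASOURCE", "WSO2BAM_HIVE_INCREMENTAL_DATASOURCE",
}
# Constructed sample for illustration; not a real bam-datasources.xml.
SAMPLE = f"""<datasources-configuration xmlns:svns="{SVNS}"><datasources>
  <datasource><name>WSO2BAM_CASSANDRA_DATASOURCE</name>
    <definition type="RDBMS"><configuration>
      <username>admin</username><password>admin</password>
    </configuration></definition></datasource>
  <datasource><name>WSO2BAM_UTIL_DATASOURCE</name>
    <definition type="RDBMS"><configuration>
      <password svns:secretAlias="EXAMPLE.ALIAS">password</password>
    </configuration></definition></datasource>
  <datasource><name>WSO2BAM_HIVE_INCREMENTAL_DATASOURCE</name>
    <definition type="RDBMS"><configuration>
      <password>constructed-new-value</password>
    </configuration></definition></datasource>
</datasources></datasources-configuration>"""

def audit_datasources(xml_text, default_password="admin"):
    """Map each BAM datasource name to the state of its <password> element."""
    findings = {}
    for ds in ET.fromstring(xml_text).iter("datasource"):
        name = (ds.findtext("name") or "").strip()
        if name not in BAM_DATASOURCES:
            continue
        pw = ds.find(".//password")
        if pw is None:
            findings[name] = "no password element"
        elif pw.get(f"{{{SVNS}}}secretAlias"):
            findings[name] = "secure vault alias"   # resolved by Secure Vault
        elif (pw.text or "").strip() == default_password:
            findings[name] = "default password"     # assumed default value
        else:
            findings[name] = "plaintext password"   # changed, but not vaulted
    # Flag expected datasources that are absent from the file.
    for name in BAM_DATASOURCES - set(findings):
        findings[name] = "datasource not found"
    return findings

if __name__ == "__main__":
    for name, state in sorted(audit_datasources(SAMPLE).items()):
        print(f"{name}: {state}")
```

To check a real installation, pass the contents of the bam-datasources.xml file to `audit_datasources` instead of `SAMPLE`.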