If the directory/file paths specified in this guide do not exist in your WSO2 product, see Directory Structure of WSO2 Products to locate the paths applicable to your product.
Page Comparison - Carbon Secure Vault Implementation (v.9 vs v.10) - Administration Guide 4.4.x - WSO2 Documentation


...

You can implement your own Secure Vault configurations by changing the default Secret Repository and the Secret Callback Handler, and by using a custom keystore instead of the default product keystore. See the following topics for instructions:

...

To create a custom secret repository, you need to implement the SecretRepository and SecretRepositoryProvider interfaces:

  1. Create your custom secret repository by implementing the org.wso2.securevault.secret.SecretRepository interface:

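    import java.util.Properties;
    import org.wso2.securevault.keystore.IdentityKeyStoreWrapper;
    import org.wso2.securevault.keystore.TrustKeyStoreWrapper;
    import org.wso2.securevault.secret.SecretRepository;

    public class CustomSecretRepositoryImpl implements SecretRepository {
     private final IdentityKeyStoreWrapper identityKeyStoreWrapper;
     private final TrustKeyStoreWrapper trustKeyStoreWrapper;
     private SecretRepository parent;
     public CustomSecretRepositoryImpl(IdentityKeyStoreWrapper identity, TrustKeyStoreWrapper trust) {
           // Keystore wrappers handed over by CustomSecretRepositoryProvider
           this.identityKeyStoreWrapper = identity;
           this.trustKeyStoreWrapper = trust;
     }
     public void init(Properties properties, String id) {
           // Read the settings of this repository from the supplied properties
     }
     public String getSecret(String alias) {
           return null; // Return the plain-text secret stored under the alias
     }
     public String getEncryptedData(String alias) {
           return null; // Return the encrypted value stored under the alias
     }
     public void setParent(SecretRepository secretRepository) {
           this.parent = secretRepository;
     }
     public SecretRepository getParent() {
           return parent;
     }
    }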
  2. Then you need to implement the org.wso2.securevault.secret.SecretRepositoryProvider interface as shown below. This class returns an instance of the custom SecretRepository that you implemented above.

    import org.wso2.securevault.keystore.IdentityKeyStoreWrapper;
    import org.wso2.securevault.keystore.TrustKeyStoreWrapper;
    import org.wso2.securevault.secret.SecretRepository;
    import org.wso2.securevault.secret.SecretRepositoryProvider;

    public class CustomSecretRepositoryProvider implements SecretRepositoryProvider {
       public SecretRepository getSecretRepository(IdentityKeyStoreWrapper identityKeyStoreWrapper,
           TrustKeyStoreWrapper trustKeyStoreWrapper) {
        return new CustomSecretRepositoryImpl(identityKeyStoreWrapper, trustKeyStoreWrapper);
      }
    }
  3. Create a JAR or an OSGi bundle.

  4. Then, copy the JAR file to the <PRODUCT_HOME>/repository/component/lib/ directory or the OSGi bundle to the <PRODUCT_HOME>/repository/component/dropins/ directory.

  5. Replace the secretRepositories.file.provider entry in the secret-conf.properties file (stored in the <PRODUCT_HOME>/repository/conf/security/ directory) with your secret repository class name.

Using a custom keystore

You can use a new keystore for Secure Vault instead of using the wso2carbon.jks keystore that is shipped with the product by default.

  1. Create a new keystore.
  2. Then, change your keystore location (keystore.identity.location) in the secret-conf.properties file (stored in the <PRODUCT_HOME>/repository/conf/security/ directory) to the location of your new keystore file.
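
The two secret-conf.properties edits described above (the secretRepositories.file.provider entry and keystore.identity.location) can be scripted and then checked. The following is an added example, not part of the WSO2 documentation or product: the function names are hypothetical, and it assumes plain key=value lines, Unix-style paths, and that a relative keystore location resolves against <PRODUCT_HOME>.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not WSO2 tooling.

# Print the value of KEY in a key=value properties FILE (last entry wins).
get_prop() {
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# Set KEY=VALUE in FILE: rewrite the existing entry, or append it if missing.
# The result is written back through the original file, so its owner and
# permission bits stay as they were.
set_prop() {
    tmp="$1.tmp.$$"
    awk -F= -v k="$2" -v v="$3" '
        $1 == k { print k "=" v; done = 1; next }
        { print }
        END { if (!done) print k "=" v }' "$1" > "$tmp" &&
        cat "$tmp" > "$1" && rm -f "$tmp"
}

# Review the Secure Vault settings in CONF for the product at HOME_DIR.
# Prints one WARN line per finding; the return status is the finding count.
check_vault_conf() {
    conf="$1"; home_dir="$2"; findings=0
    ks=$(get_prop "$conf" keystore.identity.location)
    # Assumption: relative keystore paths are relative to <PRODUCT_HOME>.
    case "$ks" in /*) path="$ks" ;; *) path="$home_dir/$ks" ;; esac
    if [ "$(basename "$ks")" = "wso2carbon.jks" ]; then
        echo "WARN: still using the default keystore: $ks"
        findings=$((findings + 1))
    fi
    if [ ! -f "$path" ]; then
        echo "WARN: keystore not found: $path"
        findings=$((findings + 1))
    elif [ -n "$(find "$path" -perm -004)" ]; then
        echo "WARN: keystore is world-readable: $path"
        findings=$((findings + 1))
    fi
    if [ -z "$(get_prop "$conf" secretRepositories.file.provider)" ]; then
        echo "WARN: secretRepositories.file.provider is not set"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run set_prop once for each of the two entries, then check_vault_conf with the properties file and <PRODUCT_HOME> as arguments before restarting the product.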