WSO2 ESB. Accessing Secure Vault programmatically

I am implementing a handler for a REST API in Java (org.apache.synapse.rest.Handler interface), and there is a case where I need to access Secure Vault and get a value. I know that you can achieve this with expression="wso2:vault-lookup('YOUR.KEY.HERE')" in a sequence, but I can't find an API to do this in a handler. I believe that org.apache.synapse.MessageContext can help, but I'm not sure how.

You can use the code segment below in the custom handler.

    // Resolves a Secure Vault alias to its decrypted value using the current message context.
    public String getSecretPassword(String alias, MessageContext messageContext) {
        RegistrySecretRepository regRepo = new RegistrySecretRepository();
        regRepo.setSynCtx(messageContext);
        return regRepo.getSecret(alias);
    }

Dependency for pom.xml, the version needs to be changed according to your product version.

<dependency>
    <groupId>org.wso2.carbon</groupId>
    <artifactId>org.wso2.carbon.mediation.security</artifactId>
    <version>4.2.0</version>
</dependency>

Please refer to http://malantech.blogspot.com/2016/10/basic-authentication-handler-with.html

Thanks
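The lookup from the answer above, placed inside a complete handler that fails closed; this is an added example, not code from the answer or from WSO2. The class name, user name and vault alias are hypothetical, and the import package of RegistrySecretRepository and the availability of AbstractHandler are assumptions to verify against your product version.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import org.apache.synapse.MessageContext;
import org.apache.synapse.core.axis2.Axis2MessageContext;
import org.apache.synapse.core.axis2.Axis2Sender;
import org.apache.synapse.rest.AbstractHandler;
// Assumed package for the class in org.wso2.carbon.mediation.security; verify for your version.
import org.wso2.carbon.mediation.security.vault.RegistrySecretRepository;

public class VaultBasicAuthHandler extends AbstractHandler {
    private static final String USER = "api-client";           // hypothetical user name
    private static final String ALIAS = "api.client.password"; // hypothetical vault alias
    @Override
    public boolean handleRequest(MessageContext mc) {
        org.apache.axis2.context.MessageContext axis2 =
                ((Axis2MessageContext) mc).getAxis2MessageContext();
        Map<?, ?> headers = (Map<?, ?>) axis2.getProperty(
                org.apache.axis2.context.MessageContext.TRANSPORT_HEADERS);
        Object auth = headers == null ? null : headers.get("Authorization");
        // Per-request lookup: the secret is never cached in a field or logged.
        RegistrySecretRepository repo = new RegistrySecretRepository();
        repo.setSynCtx(mc);
        String secret = repo.getSecret(ALIAS);
        // Fail closed: a missing or empty vault entry must not authenticate anyone.
        if (auth != null && secret != null && !secret.isEmpty()
                && matches(auth.toString(), USER + ":" + secret)) {
            return true;
        }
        axis2.setProperty("HTTP_SC", 401);            // reject and stop the API flow
        axis2.setProperty("NO_ENTITY_BODY", Boolean.TRUE);
        mc.setProperty("RESPONSE", "true");
        mc.setTo(null);
        Axis2Sender.sendBack(mc);
        return false;
    }

    @Override
    public boolean handleResponse(MessageContext mc) { return true; }

    // Constant-time comparison of presented vs. expected Basic credentials.
    private static boolean matches(String header, String expected) {
        if (!header.startsWith("Basic ")) return false;
        byte[] want = Base64.getEncoder().encode(expected.getBytes(StandardCharsets.UTF_8));
        byte[] got = header.substring(6).trim().getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(got, want);
    }
}
```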


I believe you will not be able to get the value from the secure vault directly in your handler, so I advise you to retrieve the password, put it in a property, and then read that property inside your handler.

<property name="passwordvault"
          expression="wso2:vault-lookup('YOUR.KEY.HERE')"
          scope="default"/>

And use the MessageContext to get the property like this:

context.getProperty("passwordvault");


That's just a workaround, which is not advisable. I believe you can try the code below, as I have used something similar earlier and it worked.

<property expression="wso2:vault-lookup('ei.training.userid')" name="UserID" scope="default" type="STRING"/>
<log>
    <property expression="wso2:vault-lookup('ei.training.userid')" name="UID"/>
</log>


And I will answer my own question.

I've created a dummy sequence and placed it into the Registry:

<sequence name="SecureVaultSeq" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
    <property expression="wso2:vault-lookup('MY.PASS')" name="NAME"
              scope="default" type="STRING"
              xmlns:ns="http://org.apache.synapse/xsd" xmlns:ns3="http://org.apache.synapse/xsd"/>
</sequence>

Then in my handler I retrieved it like this:

messageContext.getConfiguration().getSequence("conf:Resources/sequences/SecureVaultSeq.xml").mediate(messageContext);
key = (String) messageContext.getProperty("NAME");

Hope this will help someone.


Comments
  • But this is not a property actually, I need a vault entry. I still tried your solution, but it doesn't work.
  • @КонстантинТокарев I edited my answer, maybe this "workaround" will work for you.
  • No, it won't. I would have used this approach if I used a custom mediator. But the Handler is invoked before the API sequence, so this property won't be in scope at that moment.
  • I think you cannot access the security vault outside of a sequence. At least I never tried and I did not see it working either.
  • Well I've found a way to do this, posted the answer