Password Aliases Overview
By default, passwords within Payara Server are treated like any other property and are stored in plaintext. Passwords stored in plaintext are a security risk, as you can directly read them, unencrypted and unobstructed.
A password alias allows you to have a plaintext reference to an encrypted password stored on the server, with the alias being used wherever the password is needed.
Using a password alias within the Admin Console
To use a password alias, navigate to any configuration view where you would have previously entered a password in plaintext format:
In place of the password, you can enter an alias which corresponds to the password
in the form: ${ALIAS=<password-alias-name>}
:
To create a password alias from the admin console, read the instructions detailed here.
Using a password alias on the command line
On the command line, when using asadmin
commands where you would previously
have entered a password, you can instead enter the password placeholder ${ALIAS=<example-alias-name>}
to avoid having passwords stored in the configuration in plain text.
Here is an example of setting the user’s password for a JDBC connection pool:
asadmin> create-jdbc-connection-pool [...] --property password=${ALIAS=<example-alias-name} [...]
To create a password alias from command line, read the instructions detailed here.