So how do we achieve that with JBoss 7 and EAP 6? The shipped solution is JBoss Vault. Here follows a link of using it - https://community.jboss.org/wiki/JBossAS7SecuringPasswords. A note of the example, that you might want to consider:
- The key length of 1024 bytes is quite weak, consider using a longer key.
- You probably want to increase the default validity period, with the -validity flag.
"The default implementation of the vault utlizes a Java KeyStore. Its configuration uses Password Based Encryption, which is security by obscurity. This is not 100% security. It only gets away from the problem of clear text passwords in configuration files. There is always a weak link. (As mentallurg suggests in the comments, the keystore password is the weakest link)."
"Ideally, 3rd party ISV robust implementations of Vaults should provide the necessary security."
And maybe the most obvious question is how to make it stronger. And Red Hat answer that also on the same page. Store the keystore on an external USB device which you mount on bootup and then remove it. Or use a stronger third party solution.