using WSO2 carbon registry for storing sensitive configuration data

Question

I have a third party service that I need to call from my AXIS2 web service that I have deployed into a WSO2 App Server.

I would like to store the username and password for the third party service in the Carbon registry, however, I want to protect the sensitive data (e.g. secretpassword), so it isn't visible in the clear by DBA's who have access to the registry data.

    SomeService= new SomeService(
         new URL("https://some-server:9443/service"), "admin", "secretpassword");

Ideally, the sensitive data would be encrypted.

Question: Does the registry support encrypted data?

A similar question has been asked here, but I haven't been able to find any more information.

Answer 1

For encrypting certain properties of a resource, you can use the Encryption Handler by adding the following config to registry.xml (as described in this thread):

  <handler class="org.wso2.carbon.registry.extensions.handlers.EncryptionHandler"> 
    <property name="propertyNames">foo,bar</property> 
    <property name="encryptContent">true</property> 
    <filter class="org.wso2.carbon.registry.core.jdbc.handlers.filters.MediaTypeMatcher"> 
        <property name="mediaType">application/vnd.wso2.foo</property> 
    </filter> 
</handler>

To secure the secret information in WSO2 Carbon configuration files you can use secure vault as described here.