...
Currently password strings are plain text in deployment plans, such as datasource or JMS deployment plans within an EAR. It might pose a security problem to store password strings as plain text even though the deployment plans are only used during the deployment process, and not at runtime. Starting from WASCE Geronimo 2.1.1.45, users can encrypt passwords using the encrypt command and paste the encrypted strings into deployment plans as password.
...
Note that before you can use the unlockKeystore command, you need to ensure that the following lines are added to <WASCE<geronimo_HOME>home>/var/config/config-substitutions.properties:
...
- <keyStoreName> is the name of the keystore.
- <keyStoreEncryptedPassword> is the encrypted password for the keystore, which can be generated by using the encrypt command. When you copy and paste the generated encrypted password to <WASCE<geronimo_HOME>home>/var/config/config-substitutions.properties, there should be no space in the encrypted password string.
- <keyAlias1>, <keyAlias2> are the names of the private keys in the keystore.
- <keyAlias1EncryptedPassword>, <keyAlias2EncryptedPassword> are the encrypted passwords for the private keys, which can also be generated by using the encrypt command.
...