Encrypt ConfigAdmin properties values in Apache Karaf
Apache Karaf loads all the configuration from etc/*.cfg files by default, using a mix of Felix FileInstall and Felix ConfigAdmin. These files are regular properties file looking like: key=value Some values may be critical, and so not store in plain text. It could be critical business data (credit card number, etc), or technical data (password to different systems, like database for instance). We want to encrypt such kind of data in the etc/*.cfg files, but being able to use it regulary in the application. Karaf provides a nice feature for that: jasypt-encryption. It’s very easy to use especially with Blueprint. The jasypt-encryption feature is an optional feature, so it means that you have to install it first: karaf@root()> feature:install jasypt-encryption This feature provides: jasypt bundle a namespace handler (enc:*) for blueprint Now, we can create a cfg file containing encrypted value. The encrypted value is “wrapped” in a ENC() function. For instance, we can create etc/my.cfg