Configure runtimeConfig on DQ to auth via KeyCloak using the property truststore-password encrypter


Hi Everyone,


     My DQ and KeyCloak is running integrated for authentication but the password in the attribute name=”truststore-password” is using password without encryption.

    I tried to encrypt via command encrypt.bat on DQ  but  without success. I just have a success in the authentication using clear password.

    Is there someone that have success to encrypt the value for the property truststore-password with keycloak?


<config class="com.ataccama.server.keycloak.KeycloakDeploymentContributor">
            <keycloakConfig name="keycloak-admin-center.json">
                <!-- Define common parameters for all clients. They can be overridden by client-specific settings.-->
                    <!--<attribute name="ssl-required" value="external"/> -->
                    <attribute name="enable-basic-auth" value="true"/>
                    <attribute name="ssl-required" value="all"/>
                    <attribute name="truststore" value="C:/dqs_12.6.3_win_x86_64/keycloak/standalone/configuration/keycloak.jks"/>
                   <attribute name="truststore-password" value="passw0rd123"/> 
                  <!-- <attribute name="truststore-password" value="crypted:AES:hN0z4+C3PHfZNZNvO2zmZ0gkhMUz243oIHuM10uHcgo="/> --> 

                    <client id="one-admin-center">
                            <!-- Define client-specific settings.-->
                            <attribute name="use-resource-role-mappings" value="false"/>
                            <attribute name="public-client" value="false"/>
                            <attribute name="bearer-only" value="false"/>
                            <attribute name="autodetect-bearer-only" value="false"/>
                            <attribute name="always-refresh-token" value="false"/>                           
                            <attribute name="principal-attribute" value="preferred_username"/>



Best answer by AKislyakov 30 May 2023, 09:23

View original

2 replies

Userlevel 4
Badge +6

Hi @msilva, thank you for posting! You might find the following documentation useful for your use case:


Userlevel 3
Badge +4

Hi @msilva,

Unfortunately, only properties listed as encryptable can be encrypted. The generic attribute list is not one of them.