Password aliases available in payara-micro?

I see payara-micro has a wonderful range of options for secrets, but I see no mention of good ole password aliases. Is the password alias mechanism available in payara-micro, or must apps being ported from payara server to payara micro be adapted to use a different secrets mechanism?

Thanks!

2 Likes

To complement Alan's answer, you may also raise an enhancement request in the official GitHub Issue tracker and give a detailed review of your use case on using password aliases in Payara Micro. If the community gets excited about it, we will consider implementing it in a future release.

1 Like

Excuse me,

The Cloud Config Sources :: Payara Community Documentation mentions that the AWS Cloud Config Source, DynamoDB Config Source and HashiCorp Secrets Config Source require a password alias during setup.

Does this mean that, at the moment, we cannot use the Cloud Config Sources within our Payara Micro?

@AlanRoth @fturizo many thanks for the definitive answer.

And it appears @charlee_ch has asked my follow-up question for me 😃

The lack of password alias support in payara-micro would be mitigated if payara-micro supports the cloud config sources. I haven't tried the vault config source yet, but it would be a workable replacement for password aliases if indeed the cloud config sources are supported by payara-micro 🤞

Thanks again!

@philross and @charlee_ch, you are correct in wanting to know how to properly use the Cloud Config Sources in Payara Micro since password aliases are not “officially” supported as we have already mentioned.

A workaround to this scenario is to create a pre-boot command script that creates the password alias in preparation for the Cloud config source to work correctly once an application is deployed after the micro instance is correctly launched. We’ll admit that this is a hacky solution, so we’ll discuss this internally with our product management team to decide what is the best way to proceed on this scenario.

1 Like

@fturizo Thank you very much for the information.

IMHO, even though using preboot and/or postboot is a kind of hacky solution, it is fine for me since they are able to support most asadmin commands. fish.payara.micro.impl.PayaraMicroImpl.java also makes use of them during startup.

Anyhow the official support for password aliases would be great. I’m excited and looking forward to hearing soon.

From a product management point of view, the issue is raised to allow the configuration of the Cloud Config sources without the need for password aliases (just using MicroProfile Config Sources). This makes it easier to use them with Payara Micro.

But be aware that this also means that some sensitive information might not be properly shielded and easy to read.

There is no target version defined for this improvement.

Rudy

1 Like

Just for your convenience, you can create a password alias in Payara Micro with a post boot command like this:

First, create a password file to provide the password in a non-interactive way:

```
AS_ADMIN_ALIASPASSWORD=password
```

Then create a password file e.g. named postboot.commands:

```
create-password-alias --passwordfile ${ENV=PATH_TO_PASSWORD_FILE} my-alias
```

Then define the PATH_TO_PASSWORD_FILE environment variable that contains the absolute path to the password file, e.g. on Linux:

```
export PATH_TO_PASSWORD_FILE=/home/myuser/passwordfile
```

And then execute Payara Micro with the post boot command file:

```
java -jar payara-micro.jar --postbootcommandfile postboot.commands
```

This will create a password alias called my-alias with the password specified in the /home/myuser/passwordfile file.

It's not very straightforward; that's why we plan to make it easier to use aliases in Payara Micro or provide simpler means to configure cloud config sources.

I hope this helps you in case you still need it.

All the best,
Ondro

1 Like
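The steps from the post above collected into one script, as an added example that is not part of the original thread or Payara's own tooling. It writes the password file with owner-only permissions and takes the secret from the environment, so the secret stays off the command line. The function names, the `ALIAS_SECRET` variable and the target directory are assumptions.

```shell
#!/bin/sh
# Added example, not Payara code. Function names, ALIAS_SECRET and the
# directory layout are assumptions made for this illustration.

# prepare_alias_files DIR ALIAS
# Writes DIR/passwordfile (mode 600) from $ALIAS_SECRET and DIR/postboot.commands.
prepare_alias_files() {
    dir=$1
    alias_name=$2
    if [ -z "${ALIAS_SECRET:-}" ]; then
        echo "ALIAS_SECRET is not set" >&2
        return 1
    fi
    # Accept only plain alias names so nothing extra lands in the command file.
    case $alias_name in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid alias name" >&2; return 1 ;;
    esac
    (
        # The subshell keeps the restrictive umask local to these two commands.
        umask 077
        mkdir -p "$dir" || exit 1
        # printf is a shell builtin, so the secret never appears in a process list.
        printf 'AS_ADMIN_ALIASPASSWORD=%s\n' "$ALIAS_SECRET" > "$dir/passwordfile"
    ) || return 1
    # Tighten the mode as well, in case the file already existed.
    chmod 600 "$dir/passwordfile" || return 1
    # Single quotes keep ${ENV=...} literal; Payara Micro resolves it at boot.
    printf 'create-password-alias --passwordfile ${ENV=PATH_TO_PASSWORD_FILE} %s\n' \
        "$alias_name" > "$dir/postboot.commands"
}

# launch_micro DIR
# DIR must be an absolute path; payara-micro.jar is expected in the current directory.
launch_micro() {
    PATH_TO_PASSWORD_FILE=$1/passwordfile
    export PATH_TO_PASSWORD_FILE
    exec java -jar payara-micro.jar --postbootcommandfile "$1/postboot.commands"
}

# Usage (ALIAS_SECRET supplied by the deployment environment):
#   prepare_alias_files /home/myuser/micro-secrets my-alias &&
#       launch_micro /home/myuser/micro-secrets
```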