How to configure encrypted SSL keystore password in webapp-runner.jar

[mahesh-tier1app]

I have a Java web application developed using JSP and Servlet, which I run via webapp-runner.jar to launch the WAR file. The webapp-runner.jar provides an option to enable SSL using the --enable-ssl argument, requiring -Djavax.net.ssl.keyStore and -Djavax.net.ssl.keyStorePassword parameters.

However, I want to pass an encrypted value for javax.net.ssl.keyStorePassword rather than a plain text password. It appears that webapp-runner.jar doesn’t support encrypted passwords directly.

Is there any way to achieve this? Any suggestions or workarounds to securely handle the password for SSL configuration would be greatly appreciated.

[Malax]

Hi @mahesh-tier1app, thanks for reaching out!

Can you explain what your use-case is here? How do you use webapp-runner?

I'm not sure if the feature you're asking for can even be effectively implemented. Consider:

• If webapp-runner has some sort of simple decryption feature for the value of javax.net.ssl.keyStorePassword, it would be the same for all users of webapp-runner. If anyone would get hold of your encrypted password, the decryption will be trivial as the key could be found within webapp-runner.
• If the encryption key would be configureable, how would that configuration work? If an malicious actor can see your command line, they will probably also be able to see your webapp-runner configuration for the encryption key.

It's totally possible that I'm missing the point here, so having more information about your use-case would greatly help to find a solution for you here. :)