Closed lcastellano closed 7 years ago
Admiral does support encryption of private keys and passwords supplied as credentials, but it's an option not enabled by default.
To enable it, you have to provide the argument -Dencryption.key.file=/path/to/encryption.key, where encryption.key is a file in the same format as vRA's encryption.key (see http://pubs.vmware.com/vrealize-automation-72/topic/com.vmware.vrealize.automation.doc/GUID-AA5CC745-2823-4EA3-AB08-67FA2C73900F.html). That's because, when integrated with vRA, Admiral has the encryption enabled by default.
To see how such an encryption.key file can be generated, you can check https://github.com/vmware/admiral/blob/master/common/src/main/java/com/vmware/admiral/common/security/EncryptorService.java. And in case you want to allow Admiral to auto-generate such an encryption.key file for you in case it's missing, then you have to provide a 2nd argument, at least the 1st time, like: -Dencryption.key.file=/path/to/encryption.key -Dinit.encryption.key.file=true.
I'll keep the issue open to double-check it and to add the instructions to our Configuration guide, since I've just realized that it is missing.
Closing this issue as accessibility of both certificates (public and private) is a required feature.
Version: 0.9.2