Encrypt tomcat keystore password

Question

Is there an option to encrypt keystorePass value in tomcat server.xml? I don\'t want it to be a plain text

Answer 1

1) Create the CustomEncryptService to encrypt and decrypt your password.

2) Override Http11Nio2Protocol class, something similar to the below code. (As mentioned above by user3675974)

public class CustomHttp11Nio2Protocol extends org.apache.coyote.http11.Http11Nio2Protocol {

  @Override
  public void setKeystorePass(String s) {
    try {
      super.setKeystorePass(new CustomEncryptService().decrypt(s));
    } catch (final Exception e){
      super.setKeystorePass("");
    }
  }
}

3) Configure the overridden class in the protocol attribute in server.xml like below.

4) Since this CustomHttp11Nio2Protocol class should be available during startup, create the Jar having the CustomHttp11Nio2Protocol and CustomEncryptService class, and put it inside your tomcat/lib.

Hope this helps.