Using STS with the Talend Runtime
From Talend Runtime 8.0 onwards, usernames and passwords in OSGi configurations are resolved as references to environment variables. For the username and password, first the OS environment is queried. If the parameter is not set as an OS environment variable, the Java system variables set in etc/custom.properties are queried. For the username, but not for the password, there is finally a literal default value.
#export TESB_AMQ_GUI_USER_PASSWORD=`secret-tool lookup trun-user $TESB_AMQ_GUI_USER_NAME`
#export TESB_AUXSTORE_AUTHENTICATION_PASSWORD=`secret-tool lookup trun-user $TESB_AUXSTORE_AUTHENTICATION_USERNAME`
#export TESB_AUXSTORE_SAML_PASSWORD=`secret-tool lookup trun-user $TESB_AUXSTORE_SAML_USERNAME`
#export TESB_EVENTLOGGING_JMS_PASSWORD=`secret-tool lookup trun-user $TESB_EVENTLOGGING_JMS_USERNAME`
#export TESB_EVENTLOGGING_REST_PASSWORD=`secret-tool lookup trun-user $TESB_EVENTLOGGING_REST_USERNAME`
#export TESB_LOCATOR_AUTHENTICATION_PASSWORD=`secret-tool lookup trun-user $TESB_LOCATOR_AUTHENTICATION_USERNAME`
#export TESB_REGISTRY_AUTHENTICATION_PASSWORD=`secret-tool lookup trun-user $TESB_REGISTRY_AUTHENTICATION_USERNAME`
#export TESB_REGISTRY_SAML_PASSWORD=`secret-tool lookup trun-user $TESB_REGISTRY_SAML_USERNAME`
#export TESB_SAML_SECURITY_PASSWORD=`secret-tool lookup trun-user $TESB_SAML_SECURITY_USERNAME`
#export TESB_SAM_SERVICE_SECURITY_PASSWORD=`secret-tool lookup trun-user $TESB_SAM_SERVICE_SECURITY_USERNAME`
#export TESB_TIDM_PASSWORD=`secret-tool lookup tidm-user $TESB_TIDM_USERNAME`
#export TESB_TLS_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd tls`
#export TESB_TLS_KEY_PASSWORD=`secret-tool lookup keystore-pwd tlskey`
#export TESB_STS_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd sts`
#export TESB_CLIENT_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd client`
#export TESB_CLIENT_KEY_PASSWORD=`secret-tool lookup keystore-pwd clientkey`
#export TESB_SERVICE_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd service`
#export TESB_SERVICE_KEY_PASSWORD=`secret-tool lookup keystore-pwd servicekey`
#export TESB_EVENTLOGGING_AGENT_KEYSTORE_PASSWORD=`secret-tool lookup keystore-pwd el`
#export TESB_EVENTLOGGING_AGENT_KEY_PASSWORD=`secret-tool lookup keystore-pwd elkey`
The keystore property files in etc/keystores are replaced by OSGi configurations using references to environment variables. While the keystore property files are still fully valid and evaluated, values from these properties files are overridden if also set in the OSGi configuration files.
For STS, the OSGi configuration file is:
- org.talend.esb.sts.keystore.cfg - Token service SAML assertion signing keystore