Merge pull request #2043 from fjuma/develop
Small updates for the blog post on adding support for encryption to an existing filesystem realm using Elytron Tool
Skyllarr authored Oct 24, 2023
2 parents 035e8cf + f402150 commit 6a11bbe
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions _posts/2022-04-19-filesystem-encryption-tool.adoc
Expand Up @@ -33,23 +33,23 @@ The following options are required for both methods:

- ``--input-location``: The absolute or relative location of the original filesystem realm.
- ``--output-location``: The directory where the new filesystem realm resides.
- ``--credential-store``: The relative or absolute path to the credential store file that contains the secret key (default: ``OUTPUT_LOCATION/mycredstore.cs``).

The following options are optional for both methods, and have their defaults listed:

- ``--realm-name``: The name of the new filesystem-realm (default: ``encrypted-filesystem-realm``).
- ``--credential-store``: The relative or absolute path to the credential store file that contains the secret key (default: ``OUTPUT_LOCATION/mycredstore.cs``).
- ``--secret-key``: The alias of the secret key stored in the credential store file (default: ``key``).
- ``--hash-encoding``: The hash encoding used in the original filesystem realm (default: ``BASE64``).
- ``--hash-charset``: The hash charset used in the original filesystem realm (default: ``UTF-8``).
- ``--encoded``: If the original realm has encoded set to true (default: ``true``).
- ``--levels``: The levels used in the original filesystem realm (default: ``2``).

=== Command Line
To run in command line mode, specify the 2 mandatory options, and any optional ones applicable to your use case. For example:
To run in command line mode, specify the mandatory options, and any optional ones applicable to your use case. For example:

[source]
----
$ WILDFLY_HOME/bin/elytron-tool.sh filesystem-encrypt --input-location fs-unencrypted-realm --output-location fs-encrypted-realm --realm-name new-realm --encoded false --levels 4 --hash-encoding HEX
$ WILDFLY_HOME/bin/elytron-tool.sh filesystem-realm-encrypt --input-location fs-unencrypted-realm --output-location fs-encrypted-realm --credential-store myCredStore.cs --realm-name new-realm --encoded false --levels 4 --hash-encoding HEX
----
This command will encrypt a filesystem
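
Review bot: In the required-options list, the ``--credential-store`` entry still ends with "(default: ``OUTPUT_LOCATION/mycredstore.cs``)", which contradicts listing it as required: a reader cannot tell whether omitting it is an error or falls back to that path. Because this option locates the file that holds the secret key, the text should state one behaviour. Either drop the default clause from the required entry or leave the option in the optional list. The example command also passes ``myCredStore.cs`` while the documented default is spelled ``mycredstore.cs``; on a case-sensitive filesystem those are two different files, so align the spelling or say that the example deliberately uses a non-default name.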

Expand All @@ -61,36 +61,40 @@ This command will encrypt a filesystem

=== Bulk Convert
A descriptor file will allow you to convert multiple realms all at once from unencrypted to encrypted filesystem realms.
To do this you will create a file in a specific format. Enter all the filesystem-encrypt options on a line with a ``:`` after with the value you want to set it to. To seperate realms, leave a blank line between the blocks.
To do this you will create a file in a specific format. Enter all the filesystem-realm-encrypt options on a line with a ``:`` after with the value you want to set it to. To seperate realms, leave a blank line between the blocks.
For example, if you wanted to encrypt 4 realms, the below file could be created. Here it shows setting different levels, hash-charsets, and hash-encodings in the realms.

This filename is ``bulk-encryption-conversion-desc``.
[source]
----
input-location:target/test-classes/filesystem-encrypt/fs-unencrypted-realms/multiple-credential-types
output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms
credential-store:myCredStore.cs
realm-name:multiple-credential-types
levels:1
input-location:target/test-classes/filesystem-encrypt/fs-unencrypted-realms/level-4
output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms
credential-store:myCredStore.cs
realm-name:level-4
levels:4
input-location:target/test-classes/filesystem-encrypt/fs-unencrypted-realms/hashcharset
output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms
credential-store:myCredStore.cs
realm-name:hash-charset
hash-charset:KOI8-R
input-location:target/test-classes/filesystem-encrypt/fs-unencrypted-realms/hashencoding
output-location:target/test-classes/filesystem-encrypt/fs-encrypted-realms
credential-store:myCredStore.cs
realm-name:hash-encoding
hash-encoding:hex
----
To make use of this descriptor file, the following command would be run:
[source]
----
$ WILDFLY_HOME/bin/elytron-tool.sh filesystem-encrypt --bulk-convert ./bulk-encryption-conversion-desc
$ WILDFLY_HOME/bin/elytron-tool.sh filesystem-realm-encrypt --bulk-convert ./bulk-encryption-conversion-desc
----
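
Review bot: The rewritten sentence that introduces the descriptor format keeps the misspelling "seperate" and the hard-to-parse phrase "on a line with a ``:`` after with the value you want to set it to". Since the line is being changed anyway, consider: "Enter each filesystem-realm-encrypt option on its own line as ``option:value``. To separate realms, leave a blank line between the blocks." Each descriptor block now sets ``credential-store:myCredStore.cs`` as a bare relative path; the text should say what that path is resolved against (the working directory or ``output-location``), since all four blocks name the same store and share one output location. The sample paths still contain ``filesystem-encrypt`` as a directory name, which is worth confirming against the test-resource layout after the command rename.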

