Integration with IBM WebSphere Liberty

7 min

this section describes how to integrate kron pam password vault with ibm websphere liberty using the kron pam jdbc proxy driver the integration enables websphere to retrieve database credentials dynamically from kron pam vault at runtime, ensuring that no static passwords are stored within configuration files websphere application server manages jdbc connections through configuration elements defined in its server xml file by introducing the kron pam proxy driver, credential handling becomes dynamic—the driver contacts kron pam vault securely via https, retrieves the managed account credentials, and injects them into the connection request transparently configuration steps server level configuration define the required libraries, jdbc driver, and data source within the server xml configuration file application configuration declare the jndi resource reference () in the application’s web xml file code usage access the data source from your java application using standard jndi lookup methods example context initctx = new initialcontext(); datasource ds = (datasource) initctx lookup("java\ comp/env/jdbc/kronjdbcdriverds"); configuration guidelines when using the kron pam proxy driver do not specify user or password properties inside \<properties> blocks these credentials are automatically retrieved from kron pam at runtime the targetdriverclass property defines which native jdbc driver will be loaded in the background all pam communication occurs via https using the baseurl and acc token parameters postgresql configuration example the following is an example configuration for connecting to a postgresql database using a credential fetched from kron pam \<library id="postgresql library"> \<fileset dir="${shared resource dir}/lib/postgresql" includes="postgresql 42 7 3 jar com kron jdbc 1 0 0 jar"/> \</library> \<jdbcdriver id="postgresql kron driver" libraryref="postgresql library"/> \<datasource id="postgresql datasource" jndiname="jdbc/postgresqlds" jdbcdriverref="postgresql kron driver"> \<properties url="jdbc\ kron\ postgresql //db server 5432/appdb?baseurl=https //example kronpam com\&acc token=6adcb6af b84c 4a4c bfe3 e1d97d633f2b\&acc name=webapp user\&acc path=/dbs" targetdriverclass="org postgresql driver"/> \</datasource> driver component postgresql jdbc driver 42 7 3 supported versions postgresql 9 4 and higher mysql configuration example the following is an example configuration for connecting to a mysql database using a credential fetched from kron pam \<library id="mysql library"> \<fileset dir="${shared resource dir}/lib/mysql" includes="mysql connector j 8 2 0 jar com kron jdbc 1 0 0 jar"/> \</library> \<jdbcdriver id="mysql kron driver" libraryref="mysql library"/> \<datasource id="mysql datasource" jndiname="jdbc/mysqlds" jdbcdriverref="mysql kron driver"> \<properties url="jdbc\ kron\ mysql //mysql host 3306/appdb?baseurl=https //example kronpam com\&acc token=6adcb6af b84c 4a4c bfe3 e1d97d633f2b\&acc name=mysql app user\&acc path=/dbs/mysql" targetdriverclass="com mysql cj jdbc driver"/> \</datasource> driver component mysql connector/j 8 2 0 supported versions mysql 5 7 and 8 0 oracle database configuration example the following is an example configuration for connecting to an oracle database using a credential fetched from kron pam \<library id="oracle library"> \<fileset dir="${shared resource dir}/lib/oracle" includes="ojdbc8 21 5 0 0 jar com kron jdbc 1 0 0 jar"/> \</library> \<jdbcdriver id="oracle kron driver" libraryref="oracle library"/> \<datasource id="oracle datasource" jndiname="jdbc/oracleds" jdbcdriverref="oracle kron driver"> \<properties url="jdbc\ kron\ oracle\ thin @//oracle host 1521/orclpdb?baseurl=https //example kronpam com\&acc token=6adcb6af b84c 4a4c bfe3 e1d97d633f2b\&acc name=c##jdbcuser\&acc path=/dbs" targetdriverclass="oracle jdbc driver oracledriver"/> \</datasource> driver component oracle jdbc driver (ojdbc8 21 5 0 0 jar) supported versions oracle 11g r2 – 21c microsoft sql server configuration example the following is an example configuration for connecting to an mssql database using a credential fetched from kron pam \<library id="sqlserver library"> \<fileset dir="${shared resource dir}/lib/sqlserver" includes="mssql jdbc 6 2 1 jre7 jar com kron jdbc 1 0 0 jar"/> \</library> \<jdbcdriver id="sqlserver kron driver" libraryref="sqlserver library"/> \<datasource id="sqlserver datasource" jndiname="jdbc/sqlserverds" jdbcdriverref="sqlserver kron driver"> \<properties url="jdbc\ kron\ sqlserver //sql host 1433;databasename=appdb?baseurl=https //example kronpam com\&acc token=6adcb6af b84c 4a4c bfe3 e1d97d633f2b\&acc name=sql app user\&acc path=/dbs/sqlserver" targetdriverclass="com microsoft sqlserver jdbc sqlserverdriver"/> \</datasource> driver component microsoft jdbc driver for sql server supported versions sql server 2012 – 2022 verification after saving the configuration and restarting websphere validate that the data source is listed as active in the websphere administrative console deploy a test application or use the websphere data source test utility to verify the connection review kron pam vault logs to confirm successful credential retrieval via the api confirm that no credentials are stored within the server xml configuration