Deploying Applications Using Encrypted Passwords in a Mixed AES/AES256 Domains (Doc ID 3014116.1)

Last updated on APRIL 08, 2024

Applies to:

Goal

Given that there can be a potential mix of AES and AES256 domains in varying verticals, can you suggest a deployment approach that does not require the ear file to be modified (other than by providing a Plan.xml or AppFileOverrides) in the following scenario ?

* an application ear file that includes a JDBC data source descriptor. The xml descriptor in the ear includes an AES encrypted password attribute. This ear file is stored in Artifactory and is not changed from deployment to deployment.
* a Plan.xml file provides an overridden "password-encrypted" attribute and connection information that is different from vertical to vertical.

All verticals cited are running 12.2.1.4. However, most of them have been upgraded from 12.2.1.3 and are therefore still using AES. There are some newer verticals that were created for the first time in 12.2.1.4 and that are therefore using AES256.

In those latter domains, i.e. the ones using AES256, will not tolerate an encrypted password using the qualifier "AES" instead of "AES256", even when those passwords are ultimately replaced in a vertical-specific Plan.xml file. Deployments fail in such domains. The deployment process tries to parse the embedded JDBC descriptor even if it is overridden, and that parsing fails when AES is found while the domain is using AES256.


 

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.