Secure Credentials Vault

The secure credentials vault (SCV) lets you encrypt credentials Horizon uses. It stores credentials in the Java KeyStore (JKS) format.

The SCV is enabled by default.

Configure SCV password

A custom SCV password is defined by the org.opennms.features.scv.jceks.key property in ${OPENNMS_HOME}/etc/opennms.properties.d/svc.properties. The SCV keystore file is located at ${OPENNMS_HOME}/etc/scv.jce.

You cannot change the SCV password once credentials have been stored. You must delete ${OPENNMS_HOME}/etc/scv.jce and manually re-add any credentials if you want to change the password after the file has been created.

Store credentials

Entries in the SCV are identified by aliases. For each alias, you can store a username, a password, and a set of key-value pair attributes.

To access or add credentials, click Info  Secure Credentials Vault in the top menu bar.

Access entries

Metadata expressions

You can access SCV entries from metadata using the scv context.

Table 1. Example metadata expressions for accessing SCV entries
Expression Description

${scv:juniper-vm:username}

Accesses the username from the juniper-vm alias.

${scv:juniper-vm:password}

Accesses the password from the juniper-vm alias.

${scv:juniper-vm:user1}

Accesses the user1 property from the juniper-vm alias.

${scv:corp-directory:domain}

Accesses the domain property from the corp-directory alias.

Karaf commands

You can access and update SCV entries from the Karaf shell. To do so, follow the instructions below:

  1. Open an SSH session:

    ssh -p 8101 admin@localhost

  2. Access or update SCV entries using the shell.

    • Use the following command to set credentials:

      Set SCV entries
      admin@opennms()> scv-set --help
DESCRIPTION
        opennms:scv-set

	Sets and securely store the credentials for the given alias.

SYNTAX
        opennms:scv-set alias username password

ARGUMENTS
        alias
                Alias used to retrieve the credentials.
                (required)
        username
                Username to store.
                (required)
        password
                Password to store.
                (required)

    • Use the following command to access SCV entries:

      Get SCV entries
      admin@opennms()> scv-get --help
DESCRIPTION
        opennms:scv-get

	Retrieves the username and attributes for the given alias.

SYNTAX
        opennms:scv-get alias

ARGUMENTS
        alias
                Alias used to retrieve the credentials.
                (required)