Description
Following up on LOG4J2-1896, currently SecureSocketAppender can only be configured by specifying the passwords to the trust store and the key store in plain text in the log4j 2 configuration file.
Provide alternative configurations that obtain the password from different sources, for example:
- system environment variable
- file
Example configuration:
<Appenders>
<Socket name="socket" host="localhost" port="${sys:SecureSocketAppenderSocketOptionsTest.port}" protocol="SSL"
ignoreExceptions="false">
<JsonLayout properties="true"/>
<Ssl>
<KeyStore location="src/test/resources/org/apache/logging/log4j/core/net/ssl/client.log4j2-keystore.jks"
passwordEnvironmentVariable="KEYSTORE_PASSWORD" type="JKS" />
<TrustStore location="src/test/resources/org/apache/logging/log4j/core/net/ssl/truststore.jks"
passwordFile="${sys:user.home}/truststore.pwd" type="JKS" />
</Ssl>
</Socket>
</Appenders>
Attachments
Issue Links
- is related to
-
LOG4J2-2059 Refactor classes in core.net.ssl to allow non-KeyStore Providers
-
- Open
-
- relates to
-
-
- Resolved
-