I am having a challenging time achieving a common security pattern of loading secrets from an environment variable or a properties file. I am trying to load the password of an openLDAP admin user in jakarta-ee annotation @LdapIdentityStoreDefinition.
My question is very similar to this Payara container question but for Wildfly.
I haven't considered migrating to Payara yet. I am open to migrating since this is my pet project and I had already migrated from Tomcat to Wildfly. I am using docker image Wildfly with JDK 21 quay.io/wildfly/wildfly:32.0.0.Final-1-jdk21
I have tried using multiple options and I have tested with the plain text password and it works. I cannot commit the code with the password in plain sight.
    @LdapIdentityStoreDefinition(
        url = "ldap://openldap:389", // Replace with your server details
        callerBaseDn = "cn=admin,dc=example,dc=org",
        groupSearchBase = "dc=example,dc=org",
        bindDn = "cn=admin,dc=example,dc=org",
        // bindDnPassword ="#{login.bindDnPassword}" // bind Distinguished Name
    )
#{login.bindDnPassword} is an Expression Language expression, so by default it resolves to a CDI bean named "login".
If you add a bean, something like:
    @Named("login")
    public class LoginBean {
        public String getBindDnPassword() {
            return ... // get password from ENV, file, whatever
        }
    }
Then it should work.
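One way to fill in the bean described in the answer above, as an added example that is not part of the original answer. The variable names `LDAP_BIND_PASSWORD_FILE` and `LDAP_BIND_PASSWORD` are assumptions; the file variant suits a secret mounted into the container, so the password never appears in the image or in source control.

```java
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Named;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Resolved by the EL expression #{login.bindDnPassword} in @LdapIdentityStoreDefinition.
@Named("login")
@ApplicationScoped
public class LoginBean {

    // Assumed variable names; choose your own and set them on the container.
    private static final String FILE_VAR = "LDAP_BIND_PASSWORD_FILE";
    private static final String ENV_VAR = "LDAP_BIND_PASSWORD";

    public String getBindDnPassword() {
        // Prefer a mounted secret file: its content is not visible in the
        // container's environment listing the way a plain variable is.
        String file = System.getenv(FILE_VAR);
        if (file != null && !file.isBlank()) {
            return readSecretFile(Path.of(file));
        }
        String value = System.getenv(ENV_VAR);
        if (value == null || value.isEmpty()) {
            // Fail closed; the message names the variables, never the secret.
            throw new IllegalStateException("Set " + FILE_VAR + " or " + ENV_VAR);
        }
        return value;
    }

    private static String readSecretFile(Path path) {
        try {
            // Secret files usually end with a newline; strip only trailing line breaks.
            String raw = Files.readString(path, StandardCharsets.UTF_8);
            String secret = raw.replaceAll("[\\r\\n]+$", "");
            if (secret.isEmpty()) {
                throw new IllegalStateException("Empty secret file: " + path);
            }
            return secret;
        } catch (IOException e) {
            throw new UncheckedIOException("Cannot read secret file " + path, e);
        }
    }
}
```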