On Friday, 28 September 2012 17:03:14 UTC+5:30, Murtaza Husain wrote:
>
> Hi,
>
> I am using a config file to store passwords / keys for DB and connection 
> to other services like AWS. 
>
> I am using Travis CI for build, and running my tests, and then deploying 
> it to live server. 
>
> I would like to encrypt the variables in my config file and only the 
> application should be able to read it. This is the criteria -
>
> 1) The application should be able to decrypt it in multiple environments, 
> from the build server to multiple deployment servers.
>
> 2) The password used to decrypt the config file is not available to the 
> developers.
>


Possibly a combination of techniques can help:

1. Maintain config as a map of profiles to corresponding env attributes in 
a .clj file. The sensitive attributes can be stored encrypted using the 
public key of the profile owner.

2. The "current" profile can be decided using a well-known system 
environment variable, e.g. APP_ENV

3. Have an app initializer (bootstrap.clj file) that initializes the app 
once at startup. The initialized env can be set using alter-var-root by the 
initializer.

4. The initializer should know in advance which keys are encrypted, and 
should decrypt them for only the relevant profile using the system user's 
private key.

http://www.devco.net/archives/2006/02/13/public_-_private_key_encryption_using_openssl.php

http://www.javamex.com/tutorials/cryptography/rsa_encryption_2.shtml (see 
the rsaEncrypt method; you can write a rsaDecrypt method similarly)

Hope this helps.

Shantanu
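
The four steps in the reply above, sketched as an added example (not code from the original post). The namespace `myapp.bootstrap`, the config keys and the OAEP padding choice are assumptions, and the key pair is generated in-process as a constructed stand-in for the deployment user's own key pair.

```clojure
(ns myapp.bootstrap ; hypothetical namespace
  (:import (java.security Key KeyPair KeyPairGenerator)
           (java.util Base64)
           (javax.crypto Cipher)))

;; Assumption: RSA with OAEP padding; the thread does not name a padding scheme.
(def ^:private transformation "RSA/ECB/OAEPWithSHA-256AndMGF1Padding")

(defn- rsa ^bytes [mode ^Key k ^bytes data]
  (.doFinal (doto (Cipher/getInstance transformation) (.init (int mode) k)) data))

(defn encrypt-value [public-key ^String plain]
  (.encodeToString (Base64/getEncoder)
                   (rsa Cipher/ENCRYPT_MODE public-key (.getBytes plain "UTF-8"))))

(defn decrypt-value [private-key ^String b64]
  (String. (rsa Cipher/DECRYPT_MODE private-key (.decode (Base64/getDecoder) b64))
           "UTF-8"))

;; Constructed stand-in key pair. In a real deployment the private key lives in a
;; file readable only by the system user that runs the app, never in the repo.
(def ^KeyPair demo-keys
  (.generateKeyPair (doto (KeyPairGenerator/getInstance "RSA") (.initialize 2048))))

;; Step 4: the initializer knows in advance which attributes are encrypted.
(def encrypted-keys #{:db-password})

;; Step 1: map of profile -> env attributes. A real config .clj file would hold the
;; Base64 ciphertext as a string literal; it is computed here only because the
;; demo key pair is generated at load time. All values are constructed samples.
(def config
  {"dev"  {:db-url      "jdbc:postgresql://localhost/app"
           :db-password (encrypt-value (.getPublic demo-keys) "dev-secret")}
   "prod" {:db-url      "jdbc:postgresql://db.internal/app"
           :db-password (encrypt-value (.getPublic demo-keys) "prod-secret")}})

(def env nil) ; step 3: set once at startup by init!

(defn load-env
  "Returns the attributes of `profile`, decrypting only the encrypted keys.
  Throws on a missing or unknown profile instead of falling back to a default."
  [profiles private-key profile]
  (let [attrs (or (get profiles profile)
                  (throw (ex-info "Unknown profile" {:profile profile})))]
    (reduce (fn [m k] (if (contains? m k) (update m k #(decrypt-value private-key %)) m))
            attrs encrypted-keys)))

(defn init! [] ; step 2: APP_ENV selects the current profile
  (alter-var-root #'env (constantly (load-env config (.getPrivate demo-keys)
                                              (System/getenv "APP_ENV")))))
```

Because only the selected profile is decrypted, a build server started with `APP_ENV=dev` never handles the `prod` plaintext, and developers who can read the config file see only ciphertext.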
