[
https://issues.apache.org/jira/browse/FELIX-4599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14318427#comment-14318427
]
Chetan Mehrotra commented on FELIX-4599:
----------------------------------------
bq. another option is that the config admin simply writes all properties
encrypted to disk and decrypts on reading
One possible problem would be that components like Config WebConsole plugin or
JMX Access can reveal the plain text secrets. We would need to have filtering
applied at those layers. One can say that if someone has access to
JMX/WebConsole then he can extract info via other means (deploy a custom
bundle). However what i want to avoid is accedental leakage of such data by an
administrator who can be asked to provide a dump of configuration status. As of
now he cannot provide the dump without redacting sensitive config values
> Support Encryption Of Configuration Properties
> ----------------------------------------------
>
> Key: FELIX-4599
> URL: https://issues.apache.org/jira/browse/FELIX-4599
> Project: Felix
> Issue Type: New Feature
> Components: Configuration Admin
> Reporter: Dominique Jäggi
>
> Currently it is not possible to define configuration properties, the contents
> of which should be automatically encrypted upon save by the configuration
> admin.
> An example would be a mail server configuration, where SMTP credentials must
> specified and the password should be encrypted upon saving the configuration.
> The encrypted password should then be accessible and decryptable in the
> component to which the configuration is bound.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
