Actually, I have this *almost* working (using Jasypt). The only problem 
is that you need an encryption password to decrypt the properties (it 
must be the same password used to encrypt the properties in the first 
place). I have it hard-coded for now ("confman1234"), but it should 
probably be configurable. The question: Where do I put that password? In 
yet another properties file loaded by confman? Seems a bit hokey and 
just moves the security problem.

Anyone have any suggestions about where I could keep the encryption 
password?




Alin Dreghiciu (JIRA) wrote:
>     [ 
> http://issues.ops4j.org/jira/browse/CONFMAN-11?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=11821#action_11821
>  ] 
>
> Alin Dreghiciu commented on CONFMAN-11:
> ---------------------------------------
>
> Sounds useful, so give it a try :)
> You know, you can commit any time.
>
>   
>> Encrypted properties
>> --------------------
>>
>>                 Key: CONFMAN-11
>>                 URL: http://issues.ops4j.org/jira/browse/CONFMAN-11
>>             Project: Pax ConfMan
>>          Issue Type: New Feature
>>            Reporter: Craig Walls
>>            Assignee: Alin Dreghiciu
>>            Priority: Minor
>>
>> Sometimes it may be desirable to configure a bundle(s) with sensitive 
>> information such as user credentials or even JDBC URLs with embedded 
>> credentials. Doing so with a simple properties file leaves that information 
>> out in the open.
>> It would be nice if ConfMan could optionally contain encrypted values, 
>> perhaps using Jasypt to decrypt those values before handing them off to the 
>> bundles that need them.
>> In my own bundles, it would be easy enough to use Jasypt to decrypt those 
>> values. But let's say that I want to configure the admin username and 
>> password for the Felix web console. The web console expects those properties 
>> to be unencrypted, but I am hesitant to put them unencrypted in a properties 
>> file.
>>     
>
>   


_______________________________________________
general mailing list
general@lists.ops4j.org
http://lists.ops4j.org/mailman/listinfo/general
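
An added example, not code from the original post or from Pax ConfMan: one way to keep the Jasypt password out of both the source and the properties file is to read it from the process environment or a JVM system property at startup, and to refuse to start without it. The names `CONFMAN_ENC_PASSWORD`, `confman.enc.password` and `example.password` are hypothetical, and the sample value is constructed; only Jasypt and JDK classes are used.

```java
import java.io.StringReader;
import java.util.Properties;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.properties.EncryptableProperties;

public class EncryptedPropsExample {
    // Hypothetical names, chosen for this example only.
    static final String ENV_NAME = "CONFMAN_ENC_PASSWORD";
    static final String SYS_PROP = "confman.enc.password";

    // Environment variable first, then -D system property; never a literal in code.
    static String resolvePassword() {
        String pw = System.getenv(ENV_NAME);
        if (pw == null || pw.isEmpty()) {
            pw = System.getProperty(SYS_PROP);
        }
        if (pw == null || pw.isEmpty()) {
            // Fail closed: no silent fallback to a built-in default password.
            throw new IllegalStateException(
                "Encryption password missing: set " + ENV_NAME + " or -D" + SYS_PROP);
        }
        return pw;
    }

    static StandardPBEStringEncryptor newEncryptor(String password) {
        StandardPBEStringEncryptor enc = new StandardPBEStringEncryptor();
        enc.setPassword(password); // algorithm left at the Jasypt default here
        return enc;
    }

    // Loads properties text; ENC(...) values are decrypted on getProperty().
    static Properties load(String text, StandardPBEStringEncryptor enc) throws Exception {
        Properties props = new EncryptableProperties(enc);
        props.load(new StringReader(text));
        return props;
    }

    public static void main(String[] args) throws Exception {
        StandardPBEStringEncryptor enc = newEncryptor(resolvePassword());

        // Constructed sample: encrypt a value, then store it the way it would
        // appear in a properties file on disk.
        String stored = "example.password=ENC(" + enc.encrypt("s3cret-sample") + ")\n"
                      + "example.user=admin\n";

        Properties props = load(stored, enc);
        System.out.println(props.getProperty("example.user"));     // plain value, untouched
        System.out.println(props.getProperty("example.password")); // decrypted on read
    }
}
```

The password still has to live somewhere (the service's launch environment, an init script readable only by the service account), so this narrows who can read it rather than removing the problem the post describes.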
