Hello Andreas!
Since current Linux and Unix distributions have environment variables
secured from other users nowadays, one way would be to inject them at
runtime via ${ENV_VARIABLE_NAME}.
A few examples are in our documentation:
https://shiro.apache.org/configuration.html
Let us know if that works for you.
- Ben
Am Mo., 2. Sept. 2024 um 17:05 Uhr schrieb Andreas Reichel
<[email protected]>:
>
> Greetings!
>
> We are using SHIRO to authenticate and authorise users vs JDBC and AD and it
> works just great in general. Thank your for providing this software.
> Unfortunately we are facing some concerns of clients, that Passwords for the
> JDBC or AD realms are written out in the SHIRO.INI file. I do not share those
> concerns, but I need to respond to it.
>
> So please allow me to ask: are there any standard options to obfuscate those
> passwords?
> (If not I would have to implement a simple ROT13 in the source code myself 😞).
>
> Thank you already for hints and cheers!
> Andreas
>
