...
- config files should be able to be emailed around without having to cleanse them
- config files (and warfiles) should not contain passwords so they can be stored in version control etc
- only people who have permissions on the production box will need to know the password, not developers who send them the war to deploy
- If someone finds a config file, they cannot see the password, and there is no documented way to decrypt it
Setup externalized encrypted passwords POST 2.4.0 API patch #76
- In morphString.properties, set the encrypt.key entry to a random alphanumeric string, or to the pathname of a file containing the alphanumeric string, or to a scriptlet (in that case use encrypt.key.elConfig instead)
In subject.properties and grouper.hibernate.properties, encrypt the passwords with:
Windows (from grouper API dir):

    C:\mchyzer\isc\dev\grouper-qs-1.2.0\grouper>java -cp conf;build;lib/* edu.internet2.middleware.morphString.Encrypt
    Enter the location of morphString.properties: conf/morphString.properties
    Type the string to encrypt (note: pasting might echo it back):
    The encrypted string is: ede9aa3fe38e68d811107f886a941cc6

Unix:

    /opt/grouper-qs-1.2.0/grouper>java -cp conf:build:lib/* edu.internet2.middleware.morphString.Encrypt
    Enter the location of morphString.properties: conf/morphString.properties
    Type the string to encrypt (note: pasting might echo it back):
    The encrypted string is: ede9aa3fe38e68d811107f886a941cc6

Put results in a file, and put the file path where the passwords were in sources.xml or grouper.hibernate.properties (absolute file path must contain a slash)
Windows:

    hibernate.connection.password = c:/pass/myGrouper/mySource.pass

Unix:

    hibernate.connection.password = /opt/pass/myGrouper/mySource.pass

Note: an absolute path is required. The configuration will use the "/" directory delimiter to distinguish between an external file reference and a literal password string.
Setup externalized encrypted passwords PRE 2.4.0 API patch #76
- In morphString.properties, set the encrypt.key entry to a random alphanumeric string, or to the pathname of a file containing the alphanumeric string
In sources.xml and grouper.hibernate.properties, encrypt the passwords with:
Windows:

    C:\mchyzer\isc\dev\grouper-qs-1.2.0\grouper>java -jar lib\morphString.jar
    Enter the location of morphString.properties: conf/morphString.properties
    Type the string to encrypt (note: pasting might echo it back):
    The encrypted string is: ede9aa3fe38e68d811107f886a941cc6

Unix:

    /opt/grouper-qs-1.2.0/grouper>java -jar lib/morphString.jar
    Enter the location of morphString.properties: conf/morphString.properties
    Type the string to encrypt (note: pasting might echo it back):
    The encrypted string is: ede9aa3fe38e68d811107f886a941cc6

Put results in a file, and put the file path where the passwords were in sources.xml or grouper.hibernate.properties (absolute file path must contain a slash)
Windows:

    hibernate.connection.password = c:/pass/myGrouper/mySource.pass

Unix:

    hibernate.connection.password = /opt/pass/myGrouper/mySource.pass

Note: an absolute path is required. The configuration will use the "/" directory delimiter to distinguish between an external file reference and a literal password string.
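
The following Python audit is an added example, not part of Grouper or of the original page. It applies the "/" rule from the notes in both setup sections to flag password properties that are still literal strings, or that reference a file which is missing or accessible beyond its owner. Selecting properties by the "password" name suffix and treating owner-only POSIX permissions as the target are assumptions of this example.

```python
"""Audit a Grouper-style properties file for externalized passwords (added example)."""
import os
import stat

def parse_properties(text):
    """Minimal key=value parser; skips blanks and #/! comments (no line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_passwords(text, key_suffix="password"):
    """Return {key: finding} for every property whose name ends with key_suffix.

    Assumption: password properties are recognised by name suffix only.
    Findings: 'literal'  - no '/', so the value itself is treated as the password
              'missing'  - looks like a file reference but the file is not there
              'too-open' - file exists but group/other have some access (POSIX mode bits)
              'ok'       - file exists and only the owner can access it
    """
    findings = {}
    for key, value in parse_properties(text).items():
        if not key.endswith(key_suffix):
            continue
        if "/" not in value:              # rule from the note: '/' marks a file reference
            findings[key] = "literal"
        elif not os.path.isfile(value):
            findings[key] = "missing"
        elif stat.S_IMODE(os.stat(value).st_mode) & 0o077:
            findings[key] = "too-open"
        else:
            findings[key] = "ok"
    return findings

if __name__ == "__main__":
    # Constructed sample: one literal password, one reference to a file that does not exist.
    sample = "\n".join([
        "hibernate.connection.username = grouper",
        "hibernate.connection.password = changeme",
        "other.password = /opt/pass/myGrouper/doesNotExist.pass",
    ])
    for key, finding in audit_passwords(sample).items():
        print(f"{key}: {finding}")
```

Under the rule in the note, a literal password that itself contains "/" would be read as a file path, so the audit reports it as "missing" rather than "literal".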
...