how to securely store parameters in config files
144 views
Skip to first unread message
Murtaza Husain
Sep 28, 2012, 7:33:14 AM9/28/12
to clo...@googlegroups.com
Hi,
I am using a config file to store passwords / keys for DB and connection to other services like AWS.
I am using Travis CI for build, and running my tests, and then deploying it to live server.
I would like to encrypt the variables in my config file and only the application should be able to read it. This is the criteria -
1) The application should be able to decrypt it in multiple environments, from the build server to multiple deployment servers.
2) The password used to decrypt the config file is not avalaible to the developers.
Also are there any leiningen plugins / features that will aid in this ?
Thanks,
Murtaza
I am using a config file to store passwords / keys for DB and connection to other services like AWS.
I am using Travis CI for build, and running my tests, and then deploying it to live server.
I would like to encrypt the variables in my config file and only the application should be able to read it. This is the criteria -
1) The application should be able to decrypt it in multiple environments, from the build server to multiple deployment servers.
2) The password used to decrypt the config file is not avalaible to the developers.
Also are there any leiningen plugins / features that will aid in this ?
Thanks,
Murtaza
Kevin Downey
Sep 28, 2012, 1:41:14 PM9/28/12
to clo...@googlegroups.com
if you use a password to encrypt your config, you will need config2
for the password, and of course you do not want people to have access
to config2, so you should encrypt that, and put the password in
config3, and ...
I recommend using lein test selectors to split out tests that hit
external services in to a different class of tests, tests that don't
require the credentials can be loaded and run by anyone, tests that do
require a config file that is not checked in.
> --
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clo...@googlegroups.com
> Note that posts from new members are moderated - please be patient with your
> first post.
> To unsubscribe from this group, send email to
> clojure+u...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
--
And what is good, Phaedrus,
And what is not good—
Need we ask anyone to tell us these things?
for the password, and of course you do not want people to have access
to config2, so you should encrypt that, and put the password in
config3, and ...
I recommend using lein test selectors to split out tests that hit
external services in to a different class of tests, tests that don't
require the credentials can be loaded and run by anyone, tests that do
require a config file that is not checked in.
> You received this message because you are subscribed to the Google
> Groups "Clojure" group.
> To post to this group, send email to clo...@googlegroups.com
> Note that posts from new members are moderated - please be patient with your
> first post.
> To unsubscribe from this group, send email to
> clojure+u...@googlegroups.com
> For more options, visit this group at
> http://groups.google.com/group/clojure?hl=en
--
And what is good, Phaedrus,
And what is not good—
Need we ask anyone to tell us these things?
Joshua Ballanco
Sep 30, 2012, 10:20:54 AM9/30/12
to clo...@googlegroups.com
A common strategy in this sort of scenario is to have a config file containing the "real" keys installed in some shared location on your production servers. Then, you can generate Travis specific keys that you check into your repo. The idea is that if you ever fear the keys you use with Travis have leaked, you can quickly revoke them without any effect on your production machines.
- Josh
--
Joshua Ballanco
ELC Technologies™
P +1 866.863.7365
F +1 877.658.6313
1771 NW Pettygrove Street, Suite 140
Portland, OR, 97209
jballanco@elctech.comP +1 866.863.7365
F +1 877.658.6313
--
Shantanu Kumar
Sep 30, 2012, 12:38:17 PM9/30/12
to clo...@googlegroups.com
On Friday, 28 September 2012 17:03:14 UTC+5:30, Murtaza Husain wrote:
Hi,
I am using a config file to store passwords / keys for DB and connection to other services like AWS.
I am using Travis CI for build, and running my tests, and then deploying it to live server.
I would like to encrypt the variables in my config file and only the application should be able to read it. This is the criteria -
1) The application should be able to decrypt it in multiple environments, from the build server to multiple deployment servers.
2) The password used to decrypt the config file is not avalaible to the developers.
Possibly a combination of techniques can help:
1. Maintain config as a map of profiles to corresponding env attributes in a .clj file. The sensitive attributes can be stored encrypted using the public key of the profile owner.
2. The "current" profile can be decided using a well-known system environment variable, e.g. APP_ENV
3. Have an app initializer (bootstrap.clj file) that initializes the app once at startup. The initialized env can be set using alter-var-root by the initializer.
4. The initializer should know in advance which keys are encrypted, and should decrypt them for only the relevant profile using the system user's private key.
http://www.javamex.com/tutorials/cryptography/rsa_encryption_2.shtml (see the rsaEncrypt method; you can write a rsaDecrypt method similarly)
Hope this helps.
Shantanu
Reply all
Reply to author
Forward
0 new messages