info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Protected/Encrypted Properties Strategy
44 views
Skip to first unread message
Chris
Jan 13, 2022, 8:35:26 AM1/13/22
to
Our TDI usage spreads across a handful of Windows (developers') workstations, 6 Windows servers, and 3 Linux servers. We run TDI 7.1.1 everywhere.
We have a growing need to better manage and share our "source code." Configs are pretty portable, of course. The challenge I'm hoping I can get some advice on is with Properties--particularly protected/encrypted properties.
If I create a properties file on my machine, any protected values are encrypted based on my stash file, and so aren't usable by anybody else or on any other machines without wholesale decryption, sharing, and then re-encryption.
Any suggestions on how to share encrypted properties across multiple machines without having to expose them as plain text?
Cheers,
Chris
We have a growing need to better manage and share our "source code." Configs are pretty portable, of course. The challenge I'm hoping I can get some advice on is with Properties--particularly protected/encrypted properties.
If I create a properties file on my machine, any protected values are encrypted based on my stash file, and so aren't usable by anybody else or on any other machines without wholesale decryption, sharing, and then re-encryption.
Any suggestions on how to share encrypted properties across multiple machines without having to expose them as plain text?
Cheers,
Chris
Eddie Hartman
Jan 14, 2022, 2:05:54 AM1/14/22
to
This is the sticky bit, Chris. Unless you are all using the same keystore, and therefore have the same server key, you will have to devise a strategy for decrypting assets like properties before sharing. If you are using git to share TDI work (which I recommend) then you could use push and pull hooks in git to handle this.
Or you could handle encryption/decryption yourself based on either a password or a shared cert key, for example by implementing your own get/setProperty function.
Hope this helps!
/Eddie
Or you could handle encryption/decryption yourself based on either a password or a shared cert key, for example by implementing your own get/setProperty function.
Hope this helps!
/Eddie
Chris
Jan 18, 2022, 10:25:12 AM1/18/22
to
On Friday, January 14, 2022 at 1:05:54 AM UTC-6, Eddie Hartman wrote:
...If you are using git to share TDI work (which I recommend) then you could use push and pull hooks in git to handle this.
Thanks, as always, Eddie. We're using Git, for sure, but I'm pretty inexperienced. Are you aware of a tutorial anywhere that might describe how to use their push and pull hooks to get us where we want to go?
Cheers,
Chris
...If you are using git to share TDI work (which I recommend) then you could use push and pull hooks in git to handle this.
Thanks, as always, Eddie. We're using Git, for sure, but I'm pretty inexperienced. Are you aware of a tutorial anywhere that might describe how to use their push and pull hooks to get us where we want to go?
Cheers,
Chris
Eddie Hartman
Jan 19, 2022, 3:58:23 AM1/19/22
to
TDI developer and allround wiz, Jens Thomassen, said it is better to use a shared cert for encrypting properties and files. Here's an article detailing how to do this:
https://www.ibm.com/docs/en/sdi/7.2.0.3?topic=security-working-encrypted-directory-integrator-configuration-files
Let me know how this works out for y'all!
/Eddie
https://www.ibm.com/docs/en/sdi/7.2.0.3?topic=security-working-encrypted-directory-integrator-configuration-files
Let me know how this works out for y'all!
/Eddie
0 new messages