Encrypt Password in db.properties
shadei...@gmail.com
shadei...@gmail.com
murtuza chhil
murtuza chhil
shadei...@gmail.com
Alejandro Revilla
In cfg/db.properties you can use something like this:
hibernate.connection.username=${db.username}
hibernate.connection.password=${db.password}
then you have several options:
Environment Variables
If you setup an environment variable called DB_USERNAME and DB_PASSWORD, the system will pick it from there. You can of course set that as part of your deployment strategy. Please note that the arbitrary names db.username gets capitalized, and dots replaced by underscore.
That’s just one way to do it, but we have better ones, keep reading:
Q2 Environment
Q2 supports environments, that you can change using the --environment or -E parameter. (see http://jpos.org/doc/proguide.pdf around page 47). The default environment is cfg/default.yml, but if you start Q2 using for instance q2 -Edevel, the system would read cfg/devel.yml instead (please note you can have many environments, i.e. q2 -Edefault,devel).
In your environment.yml file (i.e. cfg/default.yml) you can then define the username and password like this:
db:
username: jpos
password: mypass
But you can also pick those from an external file, i.e.:
db:
username: jpos
password: file::/var/secure/mypass.txt
In addition to that, jPOS has support for obfuscated environment variables. Obfuscated variables are not super secure, but can be useful for the ocassional lurker. It would read something like this:
db:
username: jpos
password: obf::XyFCJwAAAAZO/S+4WCMmaOkIPGr7foARmodeXcsgFJagkJ0f2Do=
Please note that obf::XyFCJwAAAAZO/S+4WCMmaOkIPGr7foARmodeXcsgFJagkJ0f2Do= expands to mypass.
You can easily create obfuscated environment variables using jPOS CLI’s obf command, i.e:
bin/q2 --cliand at the q2> prompt you type obf mypass
Please note that every time you run obf xxx it will create a different payload (there’s a random component there).
The interesting thing is that you can create an EnvironmentProvider and react to different prefixes. We have create an hsm:: provider that decrypts a variable from the HSM. You can also concatenate providers, to add additional security. Creating a provider is super simple (take a look at the FileEnvironmentProvider: https://github.com/jpos/jPOS/blob/master/jpos/src/main/java/org/jpos/core/FileEnvironmentProvider.java
Hope this helps
--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/a9136158-d06f-4070-94ce-9539a9109fb8n%40googlegroups.com.
shadei...@gmail.com
Hussain lala
Also can you mention the exact steps that will be needed for this approach and how to use the CLI as I have not used it before
Mark Salter
Please start a new thread instead of asking for details on a two year old one. -- Mark
-------- Original Message --------
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/959749ef-689e-4a97-bff5-5df443dca104n%40googlegroups.com.
Alejandro Revilla
To view this discussion on the web visit https://groups.google.com/d/msgid/jpos-users/959749ef-689e-4a97-bff5-5df443dca104n%40googlegroups.com.