In cfg/db.properties you can use something like this:
hibernate.connection.username=${db.username}
hibernate.connection.password=${db.password}
then you have several options:
If you set up environment variables called DB_USERNAME and DB_PASSWORD, the system will pick them up from there. You can of course set that as part of your deployment strategy. Please note that the arbitrary name db.username gets capitalized, and dots are replaced by underscores.
That’s just one way to do it, but we have better ones, keep reading:
Q2 supports environments, that you can change using the --environment or -E parameter (see http://jpos.org/doc/proguide.pdf around page 47). The default environment is cfg/default.yml, but if you start Q2 using for instance q2 -Edevel, the system would read cfg/devel.yml instead (please note you can have many environments, i.e. q2 -Edefault,devel).
In your environment.yml file (i.e. cfg/default.yml) you can then define the username and password like this:
db:
  username: jpos
  password: mypass
But you can also pick those from an external file, i.e.:
db:
  username: jpos
  password: file::/var/secure/mypass.txt
In addition to that, jPOS has support for obfuscated environment variables. Obfuscated variables are not super secure, but can be useful for the occasional lurker. It would read something like this:
db:
  username: jpos
  password: obf::XyFCJwAAAAZO/S+4WCMmaOkIPGr7foARmodeXcsgFJagkJ0f2Do=
Please note that obf::XyFCJwAAAAZO/S+4WCMmaOkIPGr7foARmodeXcsgFJagkJ0f2Do= expands to mypass.
You can easily create obfuscated environment variables using jPOS CLI’s obf command, i.e.:
bin/q2 --cli
and at the q2> prompt you type obf mypass
Please note that every time you run obf xxx it will create a different payload (there’s a random component there).
The interesting thing is that you can create an EnvironmentProvider and react to different prefixes. We have created an hsm:: provider that decrypts a variable from the HSM. You can also concatenate providers, to add additional security. Creating a provider is super simple (take a look at the FileEnvironmentProvider: https://github.com/jpos/jPOS/blob/master/jpos/src/main/java/org/jpos/core/FileEnvironmentProvider.java).
Hope this helps
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
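Added example, not part of the original post and not jPOS code: a Python audit of an environment YAML that classifies each secret-looking property by the storage forms described above (literal value, file:: reference, obf:: value) and checks that a file:: target is not readable by group or others. The finding labels, the simplified YAML flattening and the POSIX permission check are assumptions of this sketch.

```python
import os, re, stat, tempfile

SECRET_KEY = re.compile(r"password|secret|token", re.I)

def flatten(yaml_text):
    """Flatten a simple nested 'key: value' mapping into dotted names."""
    stack, out = [], {}  # stack: (indent, key) of the open parent mappings
    for raw in yaml_text.splitlines():
        key, sep, value = raw.strip().partition(":")
        if not sep or key.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if value.strip():
            out[".".join([k for _, k in stack] + [key])] = value.strip()
        else:
            stack.append((indent, key))
    return out

def env_name(prop):  # db.password -> DB_PASSWORD, as the post describes
    return prop.upper().replace(".", "_")

def audit(yaml_text):
    """Classify how each secret-looking property is stored."""
    findings = {}
    for prop, value in flatten(yaml_text).items():
        if not SECRET_KEY.search(prop.rsplit(".", 1)[-1]):
            continue
        if value.startswith("file::"):
            try:
                mode = stat.S_IMODE(os.stat(value[len("file::"):]).st_mode)
                findings[prop] = "file-too-open" if mode & 0o077 else "file-ok"
            except OSError:
                findings[prop] = "file-missing"
        elif value.startswith("obf::"):
            findings[prop] = "obfuscated-only"  # post: "not super secure"
        else:
            findings[prop] = "plaintext"
    return findings

if __name__ == "__main__":
    # Constructed sample: one secret file, then the obf:: and literal forms.
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("mypass\n")  # NamedTemporaryFile creates the file as 0600
    sample = (f"db:\n  username: jpos\n  password: file::{f.name}\n"
              "db2:\n  password: obf::CONSTRUCTED\ndb3:\n  password: mypass\n")
    for prop, finding in audit(sample).items():
        print(f"{prop} (env {env_name(prop)}): {finding}")
```

A "file-too-open" result means the referenced file has group or other permission bits set; tightening it to owner-only (for example mode 0600, owned by the account that runs Q2) clears the finding.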
Please start a new thread instead of asking for details on a two year old one. -- Mark