Passwords and security
139 views
Skip to first unread message
Eugene Boado
Apr 22, 2013, 8:34:51 PM4/22/13
to scrip...@googlegroups.com
Hi All!
Thanks
Eugene
Fyodor Kupolov
Apr 26, 2013, 3:55:34 PM4/26/13
to scrip...@googlegroups.com
I don't think it's possible now. I would appreciate if you provide an example of how this can be designed properly
Sent from a phone. Please forgive typos...
--
You received this message because you are subscribed to the Google Groups "Scriptella ETL" group.
To unsubscribe from this group and stop receiving emails from it, send an email to scriptella+...@googlegroups.com.
To post to this group, send email to scrip...@googlegroups.com.
Visit this group at http://groups.google.com/group/scriptella?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
Cory Comer
Apr 26, 2013, 4:46:24 PM4/26/13
to scrip...@googlegroups.com
Hmm, I'm shooting from the hip here, but in the <properties> node, when you include a properties file, it looks like you can run jexl expressions/functions in the included file:
e.g.,
etl.properties
current_date = ${date:today('yyyyMMdd')}
etl.xml
<!DOCTYPE etl SYSTEM "http://scriptella.javaforge.com/dtd/etl.dtd">
<etl>
<properties>
<include href="etl.properties"/>
</properties>
<connection id="log" driver="text"/>
<script connection-id="log">Date: ${current_date}</script>
</etl>
$ scriptella -q
Date: 20130426
So you could do something like the extended jexl functions date, class, text, etc... http://scriptella.javaforge.com/reference/index.html#Expressions+and+Variables+Substitution for a gpg file, and have your etl.properties have something like
etl.properties
rootpwd = ${gpg:read('rootpwd')}
and maybe it looks for a etl.properties.gpg file that is encrypted, decrypts the file, and grabs the variable out of it and stuffs it into the rootpwd variable so it can be used in the driver's context? That way you're not having to modify your integrations, just update your properties file to support the encrypted data?
We do something similar for our database passwords and such as part of our Puppet/Heira implementation, Heira has a gpg driver that handles the encryption and the rest of the implementation uses the regular heira() function to fetch those variables.
e.g.,
etl.properties
current_date = ${date:today('yyyyMMdd')}
etl.xml
<!DOCTYPE etl SYSTEM "http://scriptella.javaforge.com/dtd/etl.dtd">
<etl>
<properties>
<include href="etl.properties"/>
</properties>
<connection id="log" driver="text"/>
<script connection-id="log">Date: ${current_date}</script>
</etl>
$ scriptella -q
Date: 20130426
So you could do something like the extended jexl functions date, class, text, etc... http://scriptella.javaforge.com/reference/index.html#Expressions+and+Variables+Substitution for a gpg file, and have your etl.properties have something like
etl.properties
rootpwd = ${gpg:read('rootpwd')}
and maybe it looks for a etl.properties.gpg file that is encrypted, decrypts the file, and grabs the variable out of it and stuffs it into the rootpwd variable so it can be used in the driver's context? That way you're not having to modify your integrations, just update your properties file to support the encrypted data?
We do something similar for our database passwords and such as part of our Puppet/Heira implementation, Heira has a gpg driver that handles the encryption and the rest of the implementation uses the regular heira() function to fetch those variables.
Cory Comer
Apr 26, 2013, 4:48:06 PM4/26/13
to scrip...@googlegroups.com
Here's a blog post that talks about how this is done with the hiera gpg driver, for reference:
http://www.craigdunn.org/2011/10/secret-variables-in-puppet-with-hiera-and-gpg/
http://www.craigdunn.org/2011/10/secret-variables-in-puppet-with-hiera-and-gpg/
Reply all
Reply to author
Forward
0 new messages