Encrypt Sensitive Values
In a downloaded project, the bin/twigcrypt/twigcrypt.sh utility is available to encrypt sensitive string values, such as passwords, at the command line. It uses a two-way encryption mechanism, so the value can be decrypted anywhere in the code that it is used.
To encrypt a value, run the following (note the single quotes around yourSensitiveValue):
./twigcrypt.sh yourSecretSeed 'yourSensitiveValue'
This outputs an encrypted string. You must copy the whole string and paste it into your configuration file.
For example, in your src/main/resources/conf/platforms/fusion/fusion.conf file, add:
username:jbloggs
password:Enc(ABC123==)
Then you must also configure the seed in the application’s security configuration, in src/main/resources/conf/security/security.conf:
password: yourSecretSeed
Wherever this configuration parameter is used, it will be decrypted back to plain text at the time it is used.
Lucidworks recommends using a randomly-generated alphanumeric seed (special characters can cause problems).
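The following shell script is an added example, not Lucidworks code: it generates a random alphanumeric seed as recommended above and lists password entries in .conf files that are not wrapped in Enc(...). The function names, the constructed sample tree, and the assumption that secrets sit only under a password key are hypothetical.

```shell
#!/bin/sh
# Added example (not Lucidworks code). Function names are hypothetical.

# Print a random alphanumeric seed (default 32 characters). Alphanumeric only,
# because the page warns that special characters can cause problems.
gen_seed() (
  len="${1:-32}"
  seed=""
  while [ "${#seed}" -lt "$len" ]; do
    seed="$seed$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
  done
  printf '%s\n' "$seed" | cut -c "1-$len"
)

# Print file:line:text for every "password" entry under conf directory $1
# whose value is not wrapped in Enc(...). security.conf is skipped because
# its password entry is the seed, which the page stores there as-is.
find_plain_passwords() (
  grep -rnE --include='*.conf' --exclude='security.conf' \
    '^[[:space:]]*password[[:space:]]*:' "$1" |
    grep -vE ':[[:space:]]*Enc\([^)]+\)[[:space:]]*$' || true
)

# Constructed sample tree mirroring the paths on this page.
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/platforms/fusion" "$demo_dir/platforms/other" "$demo_dir/security"
printf 'username:jbloggs\npassword:Enc(ABC123==)\n' > "$demo_dir/platforms/fusion/fusion.conf"
printf 'username:jbloggs\npassword: hunter2\n' > "$demo_dir/platforms/other/other.conf"
printf 'password: %s\n' "$(gen_seed 32)" > "$demo_dir/security/security.conf"

echo "Plain-text password entries:"
find_plain_passwords "$demo_dir"
rm -rf "$demo_dir"
```

Run against src/main/resources/conf before committing, any line it prints is a password value that still needs to go through twigcrypt.sh.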
Adding sensitive configuration parameters to Spring Security XML files
Two options for handling sensitive configuration parameters with Appkit and App Studio Spring Security XML files are:
- Environment variables
- Configuration parameters
Passing environment variables
Assuming there is already a configuration file wired up for property lookup, you can set a property from the environment variable USER_TEST as follows:
my property: \#{systemEnvironment['USER_TEST']}
Passing in configuration parameters
Use a system property passed at startup with -Duser_test=myvalue:
my property: \#{systemProperties['user_test']}