Product Selector

Fusion 5.9
    Fusion 5.9

    Encrypt Sensitive Values

    In a downloaded project, the bin/twigcrypt/twigcrypt.sh utility is available to encrypt sensitive string values, such a passwords, at the command line. It uses a two-way encryption mechanism, so anywhere in the code this is used the value can be decrypted.

    To encrypt a value, run the following (note the single quotes around yourSensitiveValue):

    ./twigcrypt.sh yourSecretSeed 'yourSensitiveValue'

    This outputs an encrypted string. You must copy the whole string and paste into your configuration file.

    For example, in your src/main/resources/conf/platforms/fusion/fusion.conf file, add:

    username:jbloggs
    password:Enc(ABC123==)

    Then you must also configure the seed in the application’s security configuration, in src/main/resources/conf/security/security.conf:

    password: yourSecretSeed

    Wherever this configuration parameter is used, it will be decrypted back to plain text at the time it is used.

    Lucidworks recommends using a randomly-generated alphanumeric seed (special characters can cause problems).

    Adding sensitive configuration parameters to Spring Security XML files

    Two options for handling sensitive configuration parameters with Appkit and App Studio Spring Security XML files are:

    • Environment variables

    • Configuration parameters

    Passing environment variables

    Assuming there is already a configuration file wired up for property lookup, you can use the following property using the environment variable USER_TEST:

    my property: \#{systemEnvironment['USER_TEST']}

    Passing in configuration parameters

    Use a system property passed at startup with -Duser_test=myvalue:

    my property: \#{systemProperties['user_test']}