Encrypt Sensitive Values

In a downloaded project, the bin/twigcrypt/twigcrypt.sh utility is available to encrypt sensitive string values, such as passwords, at the command line. It uses a two-way (reversible) encryption mechanism, so the value can be decrypted wherever the code uses it.

To encrypt a value, run the following (note the single quotes around yourSensitiveValue):

./twigcrypt.sh yourSecretSeed 'yourSensitiveValue'

This outputs an encrypted string. You must copy the whole string and paste it into your configuration file.

For example, in your src/main/resources/conf/platforms/fusion/fusion.conf file, add:

username:jbloggs
password:Enc(ABC123==)

Then you must also configure the seed in the application’s security configuration, in src/main/resources/conf/security/security.conf:

password: yourSecretSeed

Wherever this configuration parameter is used, it will be decrypted back to plain text at the time it’s used.

Note
Lucidworks recommends using a randomly-generated alphanumeric seed (special characters can cause problems).
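
The following shell helpers are an added example, not part of the Lucidworks documentation or of twigcrypt itself. They generate a random alphanumeric seed as the note recommends and check a platform configuration file for password entries that are not wrapped in Enc(...). The function names are hypothetical, and the key:value layout is assumed from the fusion.conf sample above.

```shell
#!/bin/sh
# Added example: helper names below are hypothetical, not part of twigcrypt.

# gen_seed [LEN]: random seed of LEN alphanumeric characters (default 32).
gen_seed() {
    len="${1:-32}"; out=''
    while [ "${#out}" -lt "$len" ]; do
        # Keep only A-Za-z0-9 from each chunk of kernel randomness.
        out="$out$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s\n' "$out" | cut -c "1-$len"
}

# seed_is_alnum SEED: succeed only for a non-empty, purely alphanumeric seed.
seed_is_alnum() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# plaintext_passwords FILE: print "line:content" for each password entry whose
# value is not wrapped in Enc(...). Meant for platform files such as
# fusion.conf; security.conf holds the seed itself under its password key.
plaintext_passwords() {
    grep -nE '^[[:space:]]*password[[:space:]]*:' "$1" \
        | grep -vE ':[[:space:]]*Enc\([^)]+\)[[:space:]]*$' || true
}

# Demo on a constructed sample in the layout of the fusion.conf example.
sample="$(mktemp)"
printf '%s\n' 'username:jbloggs' 'password:Enc(ABC123==)' > "$sample"

seed="$(gen_seed 32)"
seed_is_alnum "$seed" && echo "seed is alphanumeric (${#seed} chars)"

# The seed would then be passed to the utility from bin/twigcrypt:
#   ./twigcrypt.sh "$seed" 'yourSensitiveValue'

if [ -z "$(plaintext_passwords "$sample")" ]; then
    echo "no plaintext password entries in sample"
fi
rm -f "$sample"
```
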

Adding sensitive configuration parameters to Spring Security XML files

Two options for handling sensitive configuration parameters with Appkit and App Studio Spring Security XML files are:

  • Environment variables

  • Configuration parameters

Passing environment variables

Assuming there is already a configuration file wired up for property lookup, you can set a property from the environment variable USER_TEST as follows:

my property: #{systemEnvironment['USER_TEST']}

Passing in configuration parameters

Use a system property passed at startup with -Duser_test=myvalue:

my property: #{systemProperties['user_test']}