Issue 2551182
Created on 2021-12-12 00:31 by rouilj, last changed 2022-01-04 03:24 by rouilj.
msg7416 |
Author: [hidden] (rouilj) |
Date: 2021-12-12 00:31 |
|
The tracker config.ini has multiple secret tokens in it:
etag token
jwt token
It would be nice to be able to put a placeholder in these fields that allows
the contents of an external file to be loaded.
This would allow the config file to be stored in CM safely.
Maybe use a (pseudo) file url?
file://filename is an invalid URL, interpret it as filename relative to the
tracker home.
file:///home/roundup/filename valid URL for file at /home/roundup/filename
absolute path
In both these cases, file:// should not start a valid token, so it is easy to identify.
This may also be useful for issue2551064 if we need to rotate keys or specify
multiple keys. Each line could be a separate key.
|
msg7418 |
Author: [hidden] (rouilj) |
Date: 2021-12-14 04:56 |
|
Also consider checking to see if the file is executable. If so execute it and
store the first line as the value.
This is to permit use of a secrets management vault for a value.
This could be useful for extensions or detectors config.ini
files for configuring an LDAP access password for handling non-anonymous auth.
|
msg7432 |
Author: [hidden] (rouilj) |
Date: 2022-01-04 03:24 |
|
Done in changeset: 6578:b1f1539c6a31
Also included [mail] password and [rdbms] password
It does not check for executability.
Note the files are loaded when the secrets are used. So some, like the jwt
or mail password, may not load till well after the server is started.
|
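The file:// convention and load-on-use behaviour discussed in this issue, sketched as an added example; it is not the code from the changeset or Roundup's own API. The names `resolve_path` and `SecretOption`, the stripping of surrounding whitespace, and the refusal of group- or world-accessible secret files are assumptions made for illustration.

```python
import os
import stat
import tempfile

FILE_PREFIX = "file://"  # marker from the issue; a real token never starts with it


def resolve_path(raw, tracker_home):
    """Return the secret file path for a file:// value, or None for a literal."""
    if not raw.startswith(FILE_PREFIX):
        return None
    rest = raw[len(FILE_PREFIX):]
    if not rest:
        raise ValueError("file:// reference without a filename")
    # file:///abs/path -> rest starts with "/" (absolute path);
    # file://name      -> relative to the tracker home.
    return rest if rest.startswith("/") else os.path.join(tracker_home, rest)


class SecretOption:
    """Hypothetical option holder: the file is read on each use, not at startup."""

    def __init__(self, raw, tracker_home):
        self.raw, self.tracker_home = raw, tracker_home

    def get(self):
        path = resolve_path(self.raw, self.tracker_home)
        if path is None:
            return self.raw  # plain value stored directly in config.ini
        mode = os.stat(path).st_mode
        # Assumed policy (not from the issue): refuse group/world-accessible files.
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError("%s is accessible to group/other" % path)
        with open(path) as f:
            value = f.read().strip()
        if not value:
            raise ValueError("%s is empty" % path)
        return value


if __name__ == "__main__":
    home = tempfile.mkdtemp()  # constructed tracker home
    opt = SecretOption("file://jwt_secret", home)  # file does not exist yet
    secret_file = os.path.join(home, "jwt_secret")
    with open(secret_file, "w") as f:
        f.write("constructed-sample-secret\n")  # constructed sample value
    os.chmod(secret_file, 0o600)
    print(opt.get())
```

Because the file is read at use, a missing or unreadable secret file surfaces as an error on first use rather than at server start, so a deployment check that calls `get()` on each secret once after startup catches it early.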
|
Date | User | Action | Args |
2022-01-04 03:24:52 | rouilj | set | status: open -> fixed; resolution: fixed; messages: + msg7432 |
2022-01-04 02:24:59 | rouilj | set | status: new -> open; priority: normal; components: + Web interface; assignee: rouilj |
2021-12-14 04:56:02 | rouilj | set | messages: + msg7418 |
2021-12-12 00:31:13 | rouilj | create | |
|