spring.data.mongodb.uri=mongodb://user:secret#mongo1.example.com:12345,mongo2.e
xample.com:12345/mydb?replicaSet=rsdb
Here i want to encript the password(secret)with jasypt.So the url should be
like:
spring.data.mongodb.uri=mongodb://user:ENC(xIZhIV7nvOv5LqHfAKnvmjhyeecOT0lO)#mongo1.example.com:12345,mongo2.example.com:12345/mydb?replicaSet=rsdb
but mongo is not understanding the password even if the jasypt encryption logic is already implemented.
I got the solution:
Since it is not resolving encrypted value from url, we can put it in it's own property and then reference that property in the url.
spring.data.mongodb.password=ENC(xIZhIV7nvOv5LqHfAKnvmjhyeecOT0lO)
spring.data.mongodb.uri=mongodb://user:${spring.data.mongodb.password}#mongo1.example.com:12345,mongo2.example.com:12345/mydb?replicaSet=rsdb
Related
I am using storing MarkLogic access credentials in gradle.properties file as a plain text and it used while running Harmonization/ingestion/Corb jobs. As i am adding the credentials in the properties file as a plain text, its visible to everyone who has code access. What is best approach to encrypt these credentials
You could apply the gradle-credentials-plugin in order to use encrypted values for credentials.
Apply the nu.studer.credentials plugin to your Gradle project.
plugins {
id 'nu.studer.credentials' version '3.0'
}
https://github.com/marklogic-community/ml-gradle/wiki/Encrypting-passwords
https://www.marklogic.com/blog/protecting-password-ml-gradle/
https://help.marklogic.com/News/NewsItem/View/617/protecting-passwords-in-ml-gradle-projects
https://www.youtube.com/watch?v=KtBmH5ce2cU
CoRB also support encryption/decryption of passwords and components of the XCC connectionstring and can be configured with a DECRYPTER option, specifying a decrypter class such as PrivateKeyDecrypter or JasyptDecrypter, or HostKeyDecrypter.
I was reading this article Encrypting Environment Files to encrypt and decrypt the .env content.
as per the documentation, after running php artisan env:encrypt command, it generates a new .env.encrypted file, and also the output of the command is returning a Key.
To decrypt the content, the command is looking for LARAVEL_ENV_ENCRYPTION_KEY which always changes as soon as I encrypt the content. So I don't understand the best use of this feature.
Real Use case.
Let's suppose, I have added a new variable in the .env file and encrypted the file.
Now I shared this file with other team members, now I have to share the key as well to decrypt it.
after decrypting, another team member adds a new variable and he has to follow the same routine. encrypt, and share the key.
for decryption, you have to remove the .env file, and obviously LARAVEL_ENV_ENCRYPTION_KEY will never be found(or which might be changed because of the latest encryption), so you have to pass the --key option while decrypting the content.
'To decrypt the content, the command is looking for LARAVEL_ENV_ENCRYPTION_KEY which always changes as soon as I encrypt
the content. So I don't understand the best use of this feature.'
You can always provide your own encryption key while decrypting using:
php artisan env:decrypt --force --key=3UVsEgGVK36XN82KKeyLFMhvosbZN1aF
In addition, you can encrypt by provide the same encryption key using:
php artisan env:encrypt --force --key=3UVsEgGVK36XN82KKeyLFMhvosbZN1aF
The team members don't need to share a new encryption key every time they add a new environment variable to the .env file since they will always be using the same key to encrypt the edited .env file before adding/committing the regenerated .env.encrypted file to source control.
I have my multiservices app that use spring HttpSession on Redis.
All works fine but I want to know if is there a way to change the key value.
To understand better, spring stores session data on redis on key "spring:session:......"
I want to append the name of my app on the head:
"myappname:spring:session:...."
Someone knows if is it possible?
Thanks
In your properties file try to add :
spring.session.redis.namespace= myapp # Namespace for keys used to store sessions.
you will have somthing like:
spring:session:myapp
How can I generate TempURL for object on Object Storage of SoftLayer?
I currently use Ruby API and I can access my object after authenticate.
But for external End Users, I need to generate public URL for that object which is can be accessed without authentication process.
I tried to generate Temp URL with expiration, but I cannot find key for hexdigest() of HMAC. How can I found it? or is there any other way to get same result?
I can do it using the swift client like this:
We add the temporary urls secret keys with the command:
$ swift post -m "Temp-URL-Key:mykey"
We create the temporary URL:
$ swift-temp-url GET 3600 /v1/AUTH_d684780d-aafe-4772-bcbb-0f07d5f6edf3/a-container/data.txt mykey
it returns:
v1/AUTH_d684780d-aafe-4772-bcbb-0f07d5f6edf3/a-container/data.txt?temp_url_sig=19f067d38dc532883e8f02be3b43a172c61e51d2&temp_url_expires=1445615769
Then we can access to the file:
curl 'https://dal05.objectstorage.softlayer.net/v1/AUTH_d684780d-aafe-4772-bcbb-0f07d5f6edf3/a-container/data.txt?temp_url_sig=19f067d38dc532883e8f02be3b43a172c61e51d2&temp_url_expires=1445615769'
Some reference pages:
Here how to install and configure the swift client
http://sldn.softlayer.com/es/blog/waelriac/Managing-SoftLayer-Object-Storage-Through-REST-APIs
here how to create the temp URL
http://luisbg.blogalia.com/historias/74348
I hope it helps
Answer myself.
I finally wrote a code for it, after doing some more search on it including:
read related API codes from https://github.com/softlayer/softlayer-object-storage-ruby
read http://sldn.softlayer.com/es/blog/waelriac/Managing-SoftLayer-Object-Storage-Through-REST-APIs
after that, I found some hint from middle of the second document: the response Header contains this key!
X-Account-Meta-Temp-URL-Key
So, I wrote a code(method) for it and make pull request(https://github.com/softlayer/softlayer-object-storage-ruby/pull/10), and I hope it will merged soon.
anyway, If it is not accepted (yet), you can found my code at https://github.com/c12g/softlayer-object-storage-ruby
I am in the process of upgrading codeigniter from 1.7.2 to 2.0.1.
Everything seems to have gone ok except I get
In order to use the Session class you are required to set an encryption key in your config file.
What is the change in 2.0.0/2.0.1 that has caused this?
What change do I need to make to fix this.
Will making said change break anything?
ohai again https://www.codeigniter.com/user_guide/libraries/encryption.html :D
The reason they ask for an encryption key is security (obviously)
Note: Even if you are not using encrypted sessions, you must set an encryption key in your config file which is used to aid in preventing session data manipulation. - source: https://www.codeigniter.com/user_guide/libraries/sessions.html
This modification won't break your code. But be careful when updating from 1.7.2 to 2.0.1. I suggest you to backup your code :)
BTW they added this security improvement with the 2.0.0 version of CI. I don't know why they don't mention it in their upgrade guide though :(
add this to your config.php
$config['encryption_key'] = 'your_encryption_key_here';
./application/config/config.php
Encryption Key
---------------------
If you use the Encryption class or the Session class you
MUST set an encryption key. See the user guide for info.
$config['encryption_key'] = '02527-269-2503946-70386-34730519';