Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Activiti db password encryption #1962

Closed
sagitsofan opened this issue Aug 9, 2018 · 8 comments
Closed

Activiti db password encryption #1962

sagitsofan opened this issue Aug 9, 2018 · 8 comments
Projects
Activiti 5.x
Milestone
NonActiviti7

Comments

@sagitsofan
Copy link

Hey,
Don't you have an infrastructure for encryption db password inside Avctiviti engine?
In this guide: https://www.activiti.org/assets/pdf/Alfresco_Content_Services_Administration_Guide_2017.pdf"
page 360 you explain about how to encrypt the password inside the db.properties file.

But when i am looking at the source code i cant see any decryption of the password key.
File: "DbSchemaExport.java" line: 48, the code is just reading the value without any support to decryption.

image
@balsarori
Copy link
Member

Hey @sagitsofan
Thats specific to ACS not the Activiti engine. In Activiti engine there is no encryption/decryption done. However, you can encrypt and decrypt values yourself and set the password to Activiti engine configuration (ProcessEngineConfiguration) directly.

@sagitsofan
Copy link
Author

Thank you for the answer.
Can you please explain on how to enc / dec using the ProcessEngineConfiguration ?

@balsarori
Copy link
Member

If you are using spring boot then you can use this lib to automatically encrypt/decrypt properties for you https://github.com/ulisesbocchio/jasypt-spring-boot
Then set the properties to ProcessEngineConfiguration instance.

@sagitsofan
Copy link
Author

I am already using the "jasypt-spring-boot lib"
But i don't know where can i add the encryption/decryption logic for the db password.
Can you guide me where exactly can i add the change? in which line / class?
Thanks!

@balsarori
Copy link
Member

what version of Activiti are you using?

In 5.22 and 6.0, you just get the password property (which should have been already decrypted) and set it to
https://www.activiti.org/javadocs/org/activiti/engine/processengineconfiguration#setJdbcPassword-java.lang.String-

@sagitsofan
Copy link
Author

I am using Activiti version 5.18.

I want to add a piece of code in the rest api that handles the decryption (using jasypt lib) of the password from db.properties before connecting to db.
Where is exactly the place i need to add this logic?
I can't find the class that takes "jdbc.password" property from db.properties file.

@salaboy
Copy link
Contributor

salaboy commented Aug 13, 2018

Guys, this sounds more like a user question than an issue. Can you guys move the conversation to the forums?

@balsarori
Copy link
Member

@sagitsofan you can post your question here -> https://community.alfresco.com/community/bpm

@salaboy salaboy added this to the NonActiviti7 milestone Nov 1, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
Activiti 5.x
  
Awaiting triage
Milestone
NonActiviti7
Development

No branches or pull requests
3 participants
@salaboy @sagitsofan @balsarori