Add documentation for API key prefix, and set default to odt_ #3047

Merged
merged 3 commits into from Sep 23, 2023

Conversation

nscuro
Member

@nscuro nscuro commented Sep 21, 2023

Description

Adds documentation for the alpine.api.key.prefix configuration option, and sets the default for it to odt_ (OWASP Dependency-Track). Having a deterministic prefix makes scanning for leaked secrets more robust.

Addressed Issue

Closes #2543

Also fixes #3043

Additional Details

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly
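The description's point that a deterministic prefix makes leak scanning more robust, shown as an added example (not code from this PR or from Dependency-Track). It compares a rule anchored on `odt_` with the entropy heuristic a scanner needs when keys have no prefix. The 32-character alphanumeric key body, the function names and the sample file are assumptions made for illustration.

```python
import math
import re
from collections import Counter

# Assumption: a key is the odt_ prefix followed by 32 alphanumeric characters.
PREFIXED_KEY = re.compile(r"(?<![A-Za-z0-9_])odt_[A-Za-z0-9]{32}(?![A-Za-z0-9])")
# Without a prefix, any 32-character alphanumeric run is only a candidate.
BARE_CANDIDATE = re.compile(r"(?<![A-Za-z0-9])[A-Za-z0-9]{32}(?![A-Za-z0-9])")


def shannon_entropy(s):
    """Bits of entropy per character of s."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def scan_prefixed(text):
    """Return (line_number, redacted_key) for every odt_-prefixed key."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in PREFIXED_KEY.finditer(line):
            key = m.group(0)
            hits.append((no, key[:8] + "..." + key[-4:]))  # never log the full key
    return hits


def scan_heuristic(text, min_entropy=3.0):
    """Prefix-less fallback: flag high-entropy 32-character runs by line."""
    return [
        no
        for no, line in enumerate(text.splitlines(), 1)
        for m in BARE_CANDIDATE.finditer(line)
        if shannon_entropy(m.group(0)) >= min_entropy
    ]


# Constructed sample; none of these values is a real secret.
SAMPLE = """\
# ci.env
DTRACK_API_KEY=odt_Zq3Lw8NfTb1XyR6mKc0VhJ4sUe9GpAd2
ARTIFACT_MD5=9e107d9d372bb6826bd81d3542a419d6
TRACE_ID=4bf92f3577b34da6a3ce929d0e0e4736
"""

if __name__ == "__main__":
    print("prefix rule:", scan_prefixed(SAMPLE))
    print("entropy heuristic, lines:", scan_heuristic(SAMPLE))
```

On the sample, the prefix rule reports only the API key line, while the entropy heuristic also flags the MD5 digest and the trace ID.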

@nscuro nscuro added the enhancement and documentation labels Sep 21, 2023
Overriding the default `alpine_` prefix. Support for API key prefixes was added in stevespringett/Alpine#496

Signed-off-by: nscuro <nscuro@protonmail.com>
Removes `alpine.enforce.authentication` and `alpine.enforce.authorization` from `application.properties` and documentation. Setting those values to `false` is not supported.

Fixes DependencyTrack#3043

Signed-off-by: nscuro <nscuro@protonmail.com>
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro merged commit 593ab00 into DependencyTrack:master Sep 23, 2023
9 checks passed
@nscuro nscuro deleted the api-key-prefix branch October 6, 2023 14:30
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 6, 2023
Development

Successfully merging this pull request may close these issues.

  • Misleading configuration documentation
  • Enhanced format of API keys (for easier leak detection)