
Setup UI Login System

Alaa Ben Fatma edited this page May 3, 2021 · 1 revision

The UI login system

Credential Digger can be deployed as a web application. Without access control, anyone who knows the IP:PORT on which the tool is reachable can read sensitive information about the repositories being scanned, which is a real concern in an enterprise setting. The login mechanism closes this gap by granting access to the scanner only to those who know the password.


How to enable the login feature

  1. To enable the UI login mechanism, set both environment variables, UI_PASSWORD and SECRET_KEY, in the .env file.
  • UI_PASSWORD is the password the user has to enter when accessing the tool for the first time after deployment.
  • SECRET_KEY is used to sign the JWT (JSON Web Token) that is stored to record that the user has entered the correct password.
  2. Start the Docker container.

Generating a SECRET_KEY

In order to generate a SECRET_KEY, run the following command:

python -c 'import os; print(os.urandom(24).hex())'

🚨 Both the UI_PASSWORD and SECRET_KEY variables must never be exposed.
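The following is an added example and not Credential Digger's own code. It generates SECRET_KEY exactly the way the command above does, checks that a .env carries the two variables the login feature needs, and shows what SECRET_KEY is actually for by signing and verifying a minimal HS256 JWT with nothing but the Python standard library. The .env text, the claims and the token layout are constructed for the example; the project's real token contents are not described on this page and are not reproduced here.

```python
"""Added example, not Credential Digger's own code.

Generate SECRET_KEY the way the wiki command does, validate a .env for the
login feature, and demonstrate why SECRET_KEY must stay secret: whoever holds
it can mint a JWT that passes verification, and whoever does not cannot."""
import base64
import hashlib
import hmac
import json
import os
import time

MIN_SECRET_BYTES = 24  # the wiki command uses os.urandom(24)


def generate_secret_key(n_bytes=MIN_SECRET_BYTES):
    """Equivalent of: python -c 'import os; print(os.urandom(24).hex())'"""
    return os.urandom(n_bytes).hex()


def render_env(ui_password, secret_key):
    """Text of a .env carrying the two login variables (chmod 600 it on disk)."""
    return f"UI_PASSWORD={ui_password}\nSECRET_KEY={secret_key}\n"


def parse_env(text):
    """Minimal KEY=VALUE parser; comments, blank lines and surrounding quotes are handled."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("\"'")
    return env


def check_login_env(env):
    """Return a list of problems; an empty list means the login config is usable."""
    problems = []
    if not env.get("UI_PASSWORD"):
        problems.append("UI_PASSWORD is not set")
    secret = env.get("SECRET_KEY", "")
    if not secret:
        problems.append("SECRET_KEY is not set")
    else:
        try:
            raw = bytes.fromhex(secret)  # hex string as produced by generate_secret_key
        except ValueError:
            raw = secret.encode()        # any other string: count its bytes
        if len(raw) < MIN_SECRET_BYTES:
            problems.append(f"SECRET_KEY is shorter than {MIN_SECRET_BYTES} bytes")
    return problems


def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims, secret_key):
    """Compact HS256 JWT: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = hmac.new(secret_key.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def verify_jwt(token, secret_key, now=None):
    """Return the claims if alg is HS256, the HMAC matches and exp has not passed; else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    try:
        hdr = json.loads(b64url_decode(header))
        if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
            return None  # refuse alg=none and algorithm-confusion tokens outright
        expected = hmac.new(secret_key.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url_encode(expected), sig):
            return None  # wrong key, or header/payload tampered with after signing
        claims = json.loads(b64url_decode(payload))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims, dict):
        return None
    if "exp" in claims and claims["exp"] < (time.time() if now is None else now):
        return None
    return claims


if __name__ == "__main__":
    env = parse_env(render_env("change-me", generate_secret_key()))  # constructed .env
    print("config problems:", check_login_env(env) or "none")
    tok = sign_jwt({"sub": "ui", "exp": int(time.time()) + 3600}, env["SECRET_KEY"])
    print("verified with the right key:", verify_jwt(tok, env["SECRET_KEY"]))
    print("verified with another key:", verify_jwt(tok, generate_secret_key()))
```

The verifier rejects any token whose header does not say HS256 before it even looks at the signature, compares the HMAC in constant time, and treats a missing or expired exp the way a session check should. A leaked SECRET_KEY bypasses all of this, since the holder can sign arbitrary claims, which is why the key belongs in a .env that is readable only by the deploying user and never committed.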

Important

It is also recommended, though not mandatory, to combine this login system with HTTPS: over plain HTTP the password and the JWT are sent in cleartext and can be captured by anyone on the network path. Refer to this wiki page on how to enable HTTPS support.