- is-up-to-date
True
Encrypting Configuration Properties
It's recommended that configuration properties like access keys or passwords are encrypted since they contain sensitive data that shouldn't be publicly available to anyone but developers and administrators. In order to do that, follow the next steps (you need a system administrator for the first step):
Configure encryption by defining the following environment variables before starting Crafter:
CRAFTER_ENCRYPTION_KEYCRAFTER_ENCRYPTION_SALT
Open
bin/crafter-setenv.shfrom your install and modify the following:# -------------------- Encryption variables -------------------- export CRAFTER_ENCRYPTION_KEY=${CRAFTER_ENCRYPTION_KEY:="default_encryption_key"} export CRAFTER_ENCRYPTION_SALT=${CRAFTER_ENCRYPTION_SALT:="default_encryption_salt"}
- Encrypt the values using one of the following methods:
- Using the Crafter Commons Encryption Tool with the same key and salt values. You can find instructions of how to use it in
crafter-commons-encryption-tool. - Using the Encryption section from Crafter Studio. You can find instructions of how to use the tool in Crafter Studio
here <nav-menu-encryption-tool>
- Using the Crafter Commons Encryption Tool with the same key and salt values. You can find instructions of how to use it in
Put the encrypted values in your configuration file using placeholders and a prefix:
${enc:...}. Example:<profile> <api> <accessTokenId>${enc:q3l5YNoKH38RldAkg6EAGjxlI7+K7Cl4iEmMJNlemNOjcuhaaQNPLwAB824QcJKCbEeLfsg+QSfHCYNcNP/yMw==}</accessTokenId> </api> </profile>
The encrypted properties work in the following files:
- Engine Project Configuration (
/config/engine/site-config.xml)- Studio AWS Profiles (
/config/studio/aws/aws.xml)- Studio Box Profiles (
/config/studio/box/box.xml)- Studio WebDAV Profiles (
/config/studio/webdav/webdav.xml)- Deployer Target Configuration (
$CRAFTER_HOME/data/deployer/targets/*.yaml)