grouper-users - Re: [grouper-users] Keeping secrets secret
Subject: Grouper Users - Open Discussion List
List archive
- From: "Poddar, Amit" <>
- To: Darren Boss <>, Alex Poulos <>
- Cc: " Mailing List" <>
- Subject: Re: [grouper-users] Keeping secrets secret
- Date: Mon, 27 Apr 2020 15:02:51 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=yale.edu; dmarc=pass action=none header.from=yale.edu; dkim=pass header.d=yale.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bxW6eUD6qQwjFN7R76EUl3X5T2FplP58VPHmWxm0G/o=; b=Qc75UtJLNy+hV2um/UYJvmuDuEf1dyZExkxm6vKGdRW7cm/4ECsPK+oe8Vqmw6II/819DcsaPABaQxRwUHFqIgQJJJfAnTKcla/FVgYaVkDIbQpcEAlui1b/j51MJYRhL2htl8UJGQqRJ7XagR4iAqRmtqJre1ZTYibseNAUi1AhhEnS1DEjmxWba+XUM89mE2g1yBNFQOj4rQjn1+fy7SB3Ou9LMox02P+qaA6vSMd61fkd53qFvxAK/+XmJs9fUzpgN7uanpf1seI3Xb0wFAKtsF+vjEK5uP4eicMom7NfcxeHan/2sGCLDRxzrF76T8MNAoshGwc+6n7kcJwCEA==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bMxNS/gwaDHxlpOmzApy1eO/nWwGwYTnI5OKU7fm9kpzCiqg0jHubp1iOKQ1N2LTDuilvCTQ0giwegZld5XbtVDb0nhtOH6slteb2NKcSM1rQldNnGpyJetPOU/39kLizLvZMvMPQv2QJ6tf6hfxigkKZAgFOt7gDlnpTlbrpXxVljo7fwg3B9EdVOyLu+ZEnU2D3I+ajePyiWMI7mSrfz/tV0MNzAlWToBy6S2Asv4Wa3TBL57Zc9KhvSeczSAu2Yn9D8wLDn1f9B1icFPiUtCpOzNSd3vt2hZvWBykb4hmn9aUzhl8FxKHxwr54CVQjbmGTEUQTGtnQ9nHhbhAww==
Hi,
This is possible since which version of grouper?
Thanks,
Amit
From: <> on behalf of Alex Poulos <>
Sent: Monday, April 27, 2020 10:51 AM
To: Darren Boss <>
Cc: Mailing List <>
Subject: Re: [grouper-users] Keeping secrets secret
Sent: Monday, April 27, 2020 10:51 AM
To: Darren Boss <>
Cc: Mailing List <>
Subject: Re: [grouper-users] Keeping secrets secret
You can use env variables and read from these within a config file. Here's an example:
hibernate.connection.password.elConfig = ${java.lang.System.getenv().get('DATABASE_PASSWORD')}
(Note the .elConfig at the end of the config parameter: this lets you use JEXL).
You can then populate DATABASE_PASSWORD however you wish (k8s secret e.g.)
On Mon, Apr 27, 2020 at 10:42 AM Darren Boss <> wrote:
Is there any documentation or guidance on pulling out secrets from Grouper configuration files?
I found https://spaces.at.internet2.edu/pages/viewpage.action?pageId=14517786&preview=%2F14517786%2F159979514%2F20191211-TechEx-TAP-Containers-Cloud.pdf which is what I'm doing now by placing properties files that contain secrets into Kubernetes secrets but ideally I'd like to have these files under version control and only store the passwords in a system like K8s secrets or something like Hashicorp Vault.
--
Darren Boss
Senior Programmer/Analyst
Programmeur-analyste principal
- [grouper-users] Keeping secrets secret, Darren Boss, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Alex Poulos, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Poddar, Amit, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Alex Poulos, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Oliver Trieu, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Alex Poulos, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Poddar, Amit, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Alex Poulos, 04/27/2020
Archive powered by MHonArc 2.6.19.