grouper-users - Re: [grouper-users] Keeping secrets secret
Subject: Grouper Users - Open Discussion List
List archive
- From: Oliver Trieu <>
- To:
- Subject: Re: [grouper-users] Keeping secrets secret
- Date: Mon, 27 Apr 2020 18:54:17 +0200
Hi,
sorry to highjack your thread but had the same problem recently.
I used this method to externalize the passwords for my grouper instance running on openshift (and thats basically kubernets with extras)
https://spaces.at.internet2.edu/display/Grouper/Externalize+and+encrypt+grouper+passwords
This way you can mount the password files using secrets.
And you can put all your config files into version control since
they will not contain any passwords.
Kind Regards
Oliver
Am 27.04.2020 um 17:33 schrieb Alex
Poulos:
ElConfig has been supported for quite some time
(we've used it since 2.3 I know, but I think it goes back
earlier).
On Mon, Apr 27, 2020 at 11:02
AM Poddar, Amit <> wrote:
Hi,
Thanks, Amit
From: <> on behalf of Alex Poulos <>
Sent: Monday, April 27, 2020 10:51 AM
To: Darren Boss <>
Cc: Mailing List <>
Subject: Re: [grouper-users] Keeping secrets secret
You can use env variables and read from these
within a config file. Here's an example:
hibernate.connection.password.elConfig =
${java.lang.System.getenv().get('DATABASE_PASSWORD')}
(Note the .elConfig at the end of the config
parameter: this lets you use JEXL).
You can then populate DATABASE_PASSWORD however you
wish (k8s secret e.g.)
On Mon, Apr 27, 2020 at 10:42 AM Darren
Boss <>
wrote:
Is there any documentation or guidance on
pulling out secrets from Grouper configuration
files?
I found
https://spaces.at.internet2.edu/pages/viewpage.action?pageId=14517786&preview=%2F14517786%2F159979514%2F20191211-TechEx-TAP-Containers-Cloud.pdf
which is what I'm doing now by placing properties
files that contain secrets into Kubernetes secrets
but ideally I'd like to have these files under
version control and only store the passwords in a
system like K8s secrets or something like
Hashicorp Vault.
--
Darren Boss
Senior Programmer/Analyst
Programmeur-analyste principal
Senior Programmer/Analyst
Programmeur-analyste principal
- [grouper-users] Keeping secrets secret, Darren Boss, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Alex Poulos, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Poddar, Amit, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Alex Poulos, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Oliver Trieu, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Alex Poulos, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Poddar, Amit, 04/27/2020
- Re: [grouper-users] Keeping secrets secret, Alex Poulos, 04/27/2020
Archive powered by MHonArc 2.6.19.