Yes, they are. The bootstrap.properties enables the /encrypt and /decrypt API
of Spring Boot.

I also found a way to provide custom encryption by providing the following
bean override.

@RefreshScope
@Bean
public RedisConnectionFactory redisConnectionFactory() {
    RedisTicketRegistryProperties redis = this.casProperties.getTicket().getRegistry().getRedis();
    // Decrypt the configured password before the connection factory is built
    redis.setPassword(encrypter.decrypt(redis.getPassword()));
    RedisObjectFactory obj = new RedisObjectFactory();
    return obj.newRedisConnectionFactory(redis);
}


On Wednesday, September 2, 2020 at 10:38:30 PM UTC+5:30 Ray Bon wrote:

> Priyambada,
>
> Are those Spring Boot properties?
>
> We add our secrets in as part of the deploy process, they are encrypted in 
> an Ansible vault. In some cases entire files are stored. This looks like a 
> better system if only bootstrap.properties needs protection.
>
> Ray
>
> On Wed, 2020-09-02 at 08:01 -0700, Priyambada Madala wrote:
>
>
> Thank you @leleuj.
>
> I could solve the issue by providing the following configs.
>
> bootstrap.properties :
> encrypt.key=secretekey
>
> cas.properties :
>
> cas.ticket.registry.redis.password={cipher}520b0bce66df5446f764fcbce5828d18ac5872a67
>
>
> On Wednesday, September 2, 2020 at 4:56:15 PM UTC+5:30 leleuj wrote:
>
> Hi, 
>
> See:
> https://apereo.github.io/cas/6.2.x/configuration/Configuration-Properties-Security.html
> to secure your properties.
> Thanks.
> Best regards,
> Jérôme
>
>
> On Wed, Sep 2, 2020 at 13:22, Priyambada Madala <[email protected]> wrote:
>
> Passwords for your Redis cluster should be treated as sensitive
> information.
> It would be nice to have the password encrypted with a private key.
> On Tuesday, September 1, 2020 at 8:44:37 PM UTC+5:30 Ray Bon wrote:
>
> Priyambada,
>
> Why do you want an encrypted password in your config?
>
> Ray
>
> On Tue, 2020-09-01 at 02:17 -0700, Priyambada Madala wrote:
>
>
> I have the following cas.properties for the Redis registry setup.
>
> # Redis Ticket Registry properties
> cas.ticket.registry.redis.host=localhost
> cas.ticket.registry.redis.database=1
> cas.ticket.registry.redis.port=6379
> cas.ticket.registry.redis.password=redis
> cas.ticket.registry.redis.timeout=2000
> cas.ticket.registry.redis.useSsl=false
> cas.ticket.registry.redis.usePool=true
>
> cas.ticket.registry.redis.pool.max-active=20
> cas.ticket.registry.redis.pool.maxIdle=8
> cas.ticket.registry.redis.pool.minIdle=0
> cas.ticket.registry.redis.pool.maxActive=8
> cas.ticket.registry.redis.pool.maxWait=-1
> cas.ticket.registry.redis.pool.numTestsPerEvictionRun=0
> cas.ticket.registry.redis.pool.softMinEvictableIdleTimeMillis=0
> cas.ticket.registry.redis.pool.minEvictableIdleTimeMillis=0
> cas.ticket.registry.redis.pool.lifo=true
> cas.ticket.registry.redis.pool.fairness=false
>
> cas.ticket.registry.redis.pool.testOnCreate=false
> cas.ticket.registry.redis.pool.testOnBorrow=false
> cas.ticket.registry.redis.pool.testOnReturn=false
> cas.ticket.registry.redis.pool.testWhileIdle=false
>
> I want to provide an encrypted value in
> "cas.ticket.registry.redis.password".
>
> Is there a possible bean I can override where I can decrypt the password
> with the proper key?
>
> -- 
>
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | [email protected]
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>
> -- 
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to [email protected].
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/06d454ad-4144-49f4-ac31-68b30b243858n%40apereo.org
>

To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/3e7784dc-af12-4652-8f77-237a1de1c1c6n%40apereo.org.
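
A deploy-time check for the setup discussed in this thread, added here as an example (it is not code from the CAS project or from any poster): it flags a credential property in cas.properties that is neither a {cipher} value nor a ${...} placeholder, and an encrypt.key kept as a literal in bootstrap.properties, where it sits beside the ciphertext it protects. The name-suffix heuristic and the function names are assumptions; ENCRYPT_KEY is the environment variable Spring Cloud reads as an alternative to encrypt.key.

```python
import re

CIPHER_PREFIX = "{cipher}"
# Assumed heuristic: property names ending in these words hold credentials.
SECRET_NAME = re.compile(r"(password|secret|passphrase|token)$", re.IGNORECASE)
# ${...} placeholders are resolved at runtime, so no secret sits in the file.
PLACEHOLDER = re.compile(r"^\$\{[^}]+\}$")


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def audit(bootstrap_text, cas_text):
    """Return findings for bootstrap.properties and cas.properties contents."""
    findings = []
    key = parse_properties(bootstrap_text).get("encrypt.key", "")
    if key and not PLACEHOLDER.match(key):
        findings.append("bootstrap.properties: encrypt.key is a literal value; "
                        "supply it via the ENCRYPT_KEY environment variable")
    for name, value in parse_properties(cas_text).items():
        if not SECRET_NAME.search(name) or not value:
            continue
        if not (value.startswith(CIPHER_PREFIX) or PLACEHOLDER.match(value)):
            findings.append(f"cas.properties: {name} is stored in plaintext")
    return findings


# Constructed inputs using the property names and values quoted in the thread.
BOOTSTRAP = "encrypt.key=secretekey\n"
CAS_BEFORE = ("cas.ticket.registry.redis.port=6379\n"
              "cas.ticket.registry.redis.password=redis\n")
CAS_AFTER = ("cas.ticket.registry.redis.password="
             "{cipher}520b0bce66df5446f764fcbce5828d18ac5872a67\n")

if __name__ == "__main__":
    for finding in audit(BOOTSTRAP, CAS_BEFORE) + audit(BOOTSTRAP, CAS_AFTER):
        print(finding)
```
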
