Thanks, Amogh It looks like I can simply call the static encrypt method before I store the password in the DB, then pull out the encrypted value and call the static decrypt method before I send the password to the resource in question.
On Tue, Sep 2, 2014 at 3:05 PM, Amogh Vasekar <amogh.vase...@citrix.com> wrote: > Hi, > > You can check DBEncryptionUtil, it provides utility methods for encryption > / decryption. May be add some custom logic for only your cell? > HostEntityDaoImpl might be useful reference. > > Thanks, > Amogh > > On 9/2/14 1:47 PM, "Mike Tutkowski" <mike.tutkow...@solidfire.com> wrote: > > >Thanks, Amogh > > > >In my case, I'm storing the password in the storage_pool_details table's > >value field. Not all cells in this column will need to be encrypted, > >though. What do you suggest there? > > > > > >On Tue, Sep 2, 2014 at 2:28 PM, Amogh Vasekar <amogh.vase...@citrix.com> > >wrote: > > > >> Hi, > >> You can add @Encrypt tag to the field and it would be stored in > >>encrypted > >> form in the DB, and decrypted automatically when reading. It uses the > >>key > >> file provided in db.properties for encryption. > >> You can check many of the VOs, for example UserVO, as a reference. > >> > >> HTH > >> Amogh > >> > >> > >> On 9/2/14 12:38 PM, "Mike Tutkowski" <mike.tutkow...@solidfire.com> > >>wrote: > >> > >> >OK - thanks! > >> > > >> > > >> >On Tue, Sep 2, 2014 at 1:33 PM, Wido den Hollander <w...@widodh.nl> > >> wrote: > >> > > >> >> > >> >> > >> >> On 02-09-14 21:29, Mike Tutkowski wrote: > >> >> > >> >>> Thanks, Wido > >> >>> > >> >>> Do you happen to know a relevant class off the top of your head? > >> >>> > >> >>> > >> >> No sorry, but if you search for where it fetches the VNC password for > >> >>KVM > >> >> VMs you should find it. > >> >> > >> >> It's probably the DB layer which does the encryption and decryption. > >> >> > >> >> Wido > >> >> > >> >> > >> >> > >> >>> On Tue, Sep 2, 2014 at 1:25 PM, Wido den Hollander <w...@widodh.nl> > >> >>> wrote: > >> >>> > >> >>> > >> >>>> > >> >>>> On 02-09-14 21:22, Mike Tutkowski wrote: > >> >>>> > >> >>>> Hi, > >> >>>>> > >> >>>>> I was wondering what our current "best practices" are around > >>storing > >> >>>>> passwords in the DB? > >> >>>>> > >> >>>>> For example, if you want to store the username and password of a > >> >>>>> resource > >> >>>>> that CloudStack manages, how do we recommend storing the password? > >> >>>>> > >> >>>>> > >> >>>>> Using the build-in encryption mechanism? CloudStack also saves > >>the > >> >>>>>VNC > >> >>>> passwords for KVM that way for example. > >> >>>> > >> >>>> Wido > >> >>>> > >> >>>> Thanks! > >> >>>> > >> >>>>> > >> >>>>> > >> >>>>> > >> >>> > >> >>> > >> > > >> > > >> >-- > >> >*Mike Tutkowski* > >> >*Senior CloudStack Developer, SolidFire Inc.* > >> >e: mike.tutkow...@solidfire.com > >> >o: 303.746.7302 > >> >Advancing the way the world uses the cloud > >> ><http://solidfire.com/solution/overview/?video=play>* * > >> > >> > > > > > >-- > >*Mike Tutkowski* > >*Senior CloudStack Developer, SolidFire Inc.* > >e: mike.tutkow...@solidfire.com > >o: 303.746.7302 > >Advancing the way the world uses the cloud > ><http://solidfire.com/solution/overview/?video=play>* * > > -- *Mike Tutkowski* *Senior CloudStack Developer, SolidFire Inc.* e: mike.tutkow...@solidfire.com o: 303.746.7302 Advancing the way the world uses the cloud <http://solidfire.com/solution/overview/?video=play>*™*
