>>>>> Steinar Bang <sb-1rlz5cwd...@public.gmane.org>:
>>>>> lenny-5o6p1tln9c5dpfhejli6iq-xmd5yjdbdmrexy1tmh2...@public.gmane.org:

>> No, no.
>> The cipher key should not be anywhere near your build process, maven, 
>> shiro.ini, etc.
>> None of that is secure.

> (just small hobby applications... not banking software...)

But I think I have an idea if I can set the value in code instead of
setting it in shiro.ini (an OSGi component that generates a key the
first time it starts and saves the key in karaf config, and then returns
the same key on all restarts).

I will look at your first URL.
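
A sketch of the generate-once-and-reuse idea described in this message, added here as an example and not code from the original post or from Shiro or Karaf. The class name, PID and property name are assumptions; it uses the standard OSGi `ConfigurationAdmin` service and Declarative Services annotations.

```java
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Dictionary;
import java.util.Hashtable;
import javax.crypto.KeyGenerator;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

// Hypothetical component: class name, PID and property name are assumptions.
@Component(service = CipherKeyProvider.class)
public class CipherKeyProvider {
    static final String PID = "example.shiro.cipherkey"; // assumed PID
    static final String PROP = "cipherKey";              // assumed property name

    @Reference
    ConfigurationAdmin configAdmin;

    /** Returns the stored key, generating and saving one on first use. */
    public synchronized byte[] getCipherKey()
            throws IOException, NoSuchAlgorithmException {
        Configuration config = configAdmin.getConfiguration(PID, null);
        Dictionary<String, Object> props = config.getProperties();
        if (props != null && props.get(PROP) instanceof String) {
            // Later starts: reuse the key saved on the first start.
            return Base64.getDecoder().decode((String) props.get(PROP));
        }
        // First start: generate a random 256-bit AES key from the JDK's CSPRNG.
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256);
        byte[] key = generator.generateKey().getEncoded();

        // Save it; Configuration Admin keeps the value across restarts.
        Dictionary<String, Object> updated = new Hashtable<>();
        updated.put(PROP, Base64.getEncoder().encodeToString(key));
        config.update(updated);
        return key;
    }
}
```

The key ends up base64-encoded in the container's configuration store, so it is readable by anyone who can read that store or query the configuration, which is the exposure the quoted reply objects to.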
