Commit Graph

3 Commits

Author SHA1 Message Date
Carlos Ruiz 47aee6fb02
IDEMPIERE-4602 Encrypt passwords on properties files (FHCA-1982) (#498)
* backward compatible with the previous idempiere.properties and idempiereEnv.properties version
* when the setup/console-setup is executed again the secret keys are stored obfuscated in a different file .idpass
  * Secret keys are ADEMPIERE_DB_PASSWORD, ADEMPIERE_DB_SYSTEM, ADEMPIERE_MAIL_PASSWORD
  * to add more is just adding keys to array ConfigurationData.secretVars
* the previous (unobfuscated) approach is still preserved passing -DIDEMPIERE_SECURE_PROPERTIES=false to the JVM in setup and server
* the approach just run on Linux - as is implemented using shell script, windows is out of the initial scope, but could be possible to implement .bat files to do similar
* the default approach is to use getVar.sh and setVar.sh that writes in .idpass obfuscated
  * is possible to extend and use custom secret managers implementing customSetVar.sh and customGetVar.sh
  * samples for amazon AWS secretsmanager are included
* avoid the email sent on setup sending the secret keys
* enclose all variables in myEnvironment.sh within quotes (this avoids problems with variables containing spaces)
* add coreutils as required for debian installer (as we use base64 now to obfuscate passwords)
* swing client is not affected as it saves the idempiere.properties encrypted in user home folder
2021-01-03 22:19:49 +08:00
Carlos Ruiz 970936d08c
IDEMPIERE-4441 FreeBSD find utility requires a target directory in postgresql/SyncDB.sh (#245)
Verify all scripts with shellcheck
https://www.shellcheck.net/
2020-09-08 19:37:00 +02:00
Carlos Ruiz 815d446abc Add RUN_SyncDBDev.sh script to help synchronize database in development environment 2019-12-30 23:42:14 +01:00