Commit Graph

1 Commits

Author: Carlos Ruiz
SHA1: 47aee6fb02
Message:
IDEMPIERE-4602 Encrypt passwords on properties files (FHCA-1982) (#498)
* backward compatible with the previous idempiere.properties and idempiereEnv.properties version
* when the setup/console-setup is executed again the secret keys are stored obfuscated in a different file .idpass
  * Secret keys are ADEMPIERE_DB_PASSWORD, ADEMPIERE_DB_SYSTEM, ADEMPIERE_MAIL_PASSWORD
  * to add more is just adding keys to array ConfigurationData.secretVars
* the previous (unobfuscated) approach is still preserved passing -DIDEMPIERE_SECURE_PROPERTIES=false to the JVM in setup and server
* the approach just runs on Linux - as it is implemented using shell script, Windows is out of the initial scope, but it could be possible to implement .bat files to do similar
* the default approach is to use getVar.sh and setVar.sh that write in .idpass obfuscated
  * it is possible to extend and use custom secret managers implementing customSetVar.sh and customGetVar.sh
  * samples for Amazon AWS secretsmanager are included
* avoid the email sent on setup sending the secret keys
* enclose all variables in myEnvironment.sh within quotes (this avoids problems with variables containing spaces)
* add coreutils as required for Debian installer (as we use base64 now to obfuscate passwords)
* Swing client is not affected as it saves the idempiere.properties encrypted in user home folder
Date: 2021-01-03 22:19:49 +08:00