47aee6fb02
* backward compatible with the previous idempiere.properties and idempiereEnv.properties version * when the setup/console-setup is executed again the secret keys are stored obfuscated in a different file .idpass * Secret keys are ADEMPIERE_DB_PASSWORD, ADEMPIERE_DB_SYSTEM, ADEMPIERE_MAIL_PASSWORD * to add more is just adding keys to array ConfigurationData.secretVars * the previous (unobfuscated) approach is still preserved passing -DIDEMPIERE_SECURE_PROPERTIES=false to the JVM in setup and server * the approach just run on Linux - as is implemented using shell script, windows is out of the initial scope, but could be possible to implement .bat files to do similar * the default approach is to use getVar.sh and setVar.sh that writes in .idpass obfuscated * is possible to extend and use custom secret managers implementing customSetVar.sh and customGetVar.sh * samples for amazon AWS secretsmanager are included * avoid the email sent on setup sending the secret keys * enclose all variables in myEnvironment.sh within quotes (this avoids problems with variables containing spaces) * add coreutils as required for debian installer (as we use base64 now to obfuscate passwords) * swing client is not affected as it saves the idempiere.properties encrypted in user home folder |
||
|---|---|---|
| .. | ||
| DEBIAN | ||
| etc | ||
| usr/share | ||