docker icon indicating copy to clipboard operation
docker copied to clipboard

Published 20 hours ago verified publisher icon OpenCTI-Platform

Feature Request: Add support for passing docker secret files

Open CyberKaizen opened this issue 2 years ago • 0 comments

@SamuelHassine I noticed that when attempting to pass sensitive information as secrets files in docker swarm. That the OpenCTI web application itself did not appear support passing credentials or sensitive api tokens in a secure manner.

The other services such as Minio and RabbitMQ support this, but OpenCTI's Environment variables do not support passing a file.

This leads to issues where if the secrets files have been passed to other services that support it and the same path to the secrets file is added as a value to OpenCTI's env variables, this leads to signature or password mismatch issues.

Some of the following are of issue:

  • APP__ADMIN__PASSWORD
  • MINIO__ACCESS_KEY
  • APP__ADMIN__TOKEN
  • MINIO__ACCESS_KEY
  • MINIO__SECRET_KEY
  • RABBITMQ__PASSWORD

I'm proposing to have Env variables appended with _FILE to support passing docker secrets, or maintaining the current environment variables with automatic detection of secret/config files.

CyberKaizen avatar Feb 19 '23 02:02 CyberKaizen