evebox
evebox copied to clipboard
How to encrypt password
How can i cypher the password field to avoid being in clear text?
database: elasticsearch: username: username password: password
This is a problem I'm not sure how to solve best. If it was encrypted, you would have to enter a password every time you started EveBox which is not ideal. I think the standard way for client-side applications to do this is for configuration files that you limit the permissions on. Postfix is like this for configuration credentials against your relay SMTP servers. I suppose I could add an option where credentials were looked for in another file like Postfix does, but you'd still be relying on the filesystem to protect your credentials.
Another option is to allow the username and password to be set as an environment variable (this might work, I need to test), then you could integrate with tools like Hashicorp Vault.
Closing as out of scope. Filebeat, and lots of other tools have this same issue and generally file system permissions are the way.