How to encrypt password

Open ngms17 opened this issue 2 years ago • 1 comments

How can I cypher the password field to avoid being in clear text?

```yaml
database:
  elasticsearch:
    username: username
    password: password
```

ngms17 avatar Mar 08 '22 12:03 ngms17

This is a problem I'm not sure how to solve best. If it was encrypted, you would have to enter a password every time you started EveBox which is not ideal. I think the standard way for client-side applications to do this is for configuration files that you limit the permissions on. Postfix is like this for configuration credentials against your relay SMTP servers. I suppose I could add an option where credentials were looked for in another file like Postfix does, but you'd still be relying on the filesystem to protect your credentials.

Another option is to allow the username and password to be set as an environment variable (this might work, I need to test), then you could integrate with tools like HashiCorp Vault.

jasonish avatar Mar 08 '22 19:03 jasonish

Closing as out of scope. Filebeat and lots of other tools have this same issue, and generally file system permissions are the way.

jasonish avatar Mar 10 '23 21:03 jasonish
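
An added example, not part of the thread and not EveBox code: a check for the file-permission approach discussed above, reporting when a config file holding clear-text credentials is readable by group or others, owned by the wrong user, a symlink, or sits in a directory other users can write to. The file name `evebox.yaml`, the function names and the sample values are assumptions made for the illustration.

```python
import os
import stat
import tempfile

# Constructed sample: the config layout from the question, with placeholder values.
SAMPLE = """database:
  elasticsearch:
    username: username
    password: password
"""

def audit_secret_file(path, expected_uid=None):
    """Return findings for a config file that stores credentials in clear text."""
    expected_uid = os.getuid() if expected_uid is None else expected_uid
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("symlink")          # the link may be repointed elsewhere
        st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        findings.append("not-regular-file")
    if st.st_uid != expected_uid:
        findings.append("wrong-owner")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group-or-other-access")
    # A group/world-writable parent lets another user replace the file,
    # unless the sticky bit restricts renames and deletes to the owner.
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not parent.st_mode & stat.S_ISVTX:
        findings.append("parent-dir-writable")
    return findings

def demo():
    """Audit a constructed config at mode 0644, then again after chmod 0600."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "evebox.yaml")  # hypothetical file name
        with open(path, "w") as f:
            f.write(SAMPLE)
        os.chmod(path, 0o644)
        before = audit_secret_file(path)
        os.chmod(path, 0o600)
        after = audit_secret_file(path)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Run as the account that starts the service, or pass `expected_uid` for a dedicated service user; an empty list means only that user can read or replace the file.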