Reply To: Encryption of config file passwords

There are a few ways to address your problem.

First, you can limit access to the HAAst config files (or even entire /etc/xdg/telium directory) so that only the root user can read them. Using the chmod command will allow you to set these files to readonly (r – -) for root:

chmod 400 haast.conf

Second, you can also encrypt the password before placing it into the config file. For example, using md5sum we can generate a hash of your obvious password:

[root@qa14 dev]# echo "MyObviousPassword" | md5sum
7f1e7328e9c668dbc73485eecd91b7ba -

Then you would use 7f1e7328e9c668dbc73485eecd91b7ba as your password entered into the haast.conf file on both nodes.

Third, you can store sensitive config file information in the HAast keychain.   To use a keychain value in a configuration item simply replace the value with @KEYNAME. Applicable configuration items show @KEYNAME as an option in the documentation. Note that a KEYNAME can contain only letters, numbers, and underscore, and case of the letters is ignored.  See section 3.1 of the installation guide (as of Jan 2021) for further details of the keychain.