Protecting plain text credentials in config file

    Customer Inquiry

    We have put a variety of credentials in the config files and they are stored in plain text. Is there a way to hide these from other users?

    Telium Support Group

    The standard in Linux is to leave credentials in plain text config files, and then protect the files using file permissions (owner/group/world).

    However, we realize there are some cases where even the administrator should not be aware of certain credentials, so HAast includes a "key chain" feature where HAast can store certain configuration values in an encrypted file (called a keychain). Once a key (comprised of a name and value) has been added to the keychain, its value cannot be viewed by the user; it can only be referenced by its name.

    To use a keychain entry in the config file, replace the value with the key name prefixed with @. For example, if the config file contains:

    [peerlink]
    secret="MySecretPassword"

    It could be replaced with:

    [peerlink]
    secret=@PeerLinkSecret

    Next you should add the key to the keychain, holding the value you wish to keep hidden:

    [root@qa121]# telnet localhost 3001
    Connected to localhost.
    Escape character is '^]'.
    HAast telnet interface on 'QA121'
    HAast>keychain add PeerLinkSecret
    Enter the key value exactly as you want it to be stored.
    key value>MySecretPassword
    The value associated with key name [PeerLinkSecret] has been set
    HAast>

    Then just restart the HAast service and your credentials will be protected by the keychain.

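The two protections described in the reply (file permissions and `@` keychain references) can be checked together. The following is an added example, not part of the original thread and not HAast code: `audit_config`, the credential key names other than `secret`, the `;`/`#` comment characters, and the sample files are all assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

# Key names treated as credentials. "secret" appears in the thread;
# the other names are assumptions for this example.
CREDENTIAL_KEYS = {"secret", "password", "passwd", "token"}
LINE_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*=\s*(.*)$")


def audit_config(path):
    """Return findings: world-accessible file mode and plaintext credential values."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IRWXO:  # any read/write/execute bit for "world"
        findings.append(("permissions", f"mode {mode:04o} grants world access"))
    section = None
    with open(path, encoding="utf-8") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line[0] in ";#":  # assumed comment characters
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            m = LINE_RE.match(line)
            if not m or m.group(1).lower() not in CREDENTIAL_KEYS:
                continue
            value = m.group(2).strip().strip("\"'")
            if value and not value.startswith("@"):  # not a keychain reference
                # Report the location only; never echo the secret itself.
                findings.append(("plaintext", f"line {lineno}: [{section}] {m.group(1)}"))
    return findings


def demo():
    """Audit two constructed files: plaintext secret at 0644, keychain reference at 0600."""
    results = []
    samples = [('[peerlink]\nsecret="MySecretPassword"\n', 0o644),
               ("[peerlink]\nsecret=@PeerLinkSecret\n", 0o600)]
    with tempfile.TemporaryDirectory() as tmp:
        for i, (text, mode) in enumerate(samples):
            path = os.path.join(tmp, f"sample{i}.conf")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results.append(audit_config(path))
    return results
```

Point `audit_config` at the real config file path on your system; group access is not flagged here because the reply treats owner/group/world permissions as the site's own choice.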