Encryption of config file passwords

    Customer Inquiry
    Participant
    Post count: 206

    I use the same password across numerous devices (let’s say it’s “MyObviousPassword”). If someone gets access to my PBX they will find my password in the HAAst config file, and then they will be able to break into everything I own.

    Can this password be encrypted in a separate file or something?

    Telium Support Group
    Participant
    Post count: 268

    There are a few ways to address your problem.

    First, you can limit access to the HAAst config files (or even the entire /etc/xdg/telium directory) so that only the root user can read them. Using the chmod command will allow you to set these files to read-only (r--) for root:

    chmod 400 haast.conf

    Second, you can also encrypt the password before placing it into the config file. For example, using md5sum we can generate a hash of your obvious password:

    [root@qa14 dev]# echo "MyObviousPassword" | md5sum
    7f1e7328e9c668dbc73485eecd91b7ba -

    Then you would use 7f1e7328e9c668dbc73485eecd91b7ba as your password entered into the haast.conf file on both nodes.

    Third, you can store sensitive config file information in the HAAst keychain. To use a keychain value in a configuration item, simply replace the value with @KEYNAME. Applicable configuration items show @KEYNAME as an option in the documentation. Note that a KEYNAME can contain only letters, numbers, and underscores, and the case of the letters is ignored. See section 3.1 of the installation guide (as of Jan 2021) for further details of the keychain.
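
Added example (not part of the original posts and not Telium's code): a shell audit for the first option in the reply above. It lists every file under the config directory that group or others can access, or that the expected owner does not own, which also catches stray backup copies of haast.conf left with default permissions. The function names are hypothetical; the /etc/xdg/telium path and the 400 mode come from the post.

```shell
#!/bin/sh
# Added example: audit HAAst config files for access beyond the owner.
# audit_conf_dir and lock_down_conf_dir are hypothetical helper names,
# not part of HAAst.
# Usage: audit_conf_dir /etc/xdg/telium root

# Print every regular file under DIR that group or others can read, write
# or execute, or that OWNER does not own.
# Returns 0 if clean, 1 if anything was flagged, 2 if DIR is missing.
# Assumes file names contain no newlines.
audit_conf_dir() {
    dir=${1:-/etc/xdg/telium}   # directory named in the post
    owner=${2:-root}            # expected owner (user name or numeric uid)
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2                # a missing directory must not look clean
    fi
    found=$(find "$dir" -type f \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 -o \
        ! -user "$owner" \) -print | sort)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Set every flagged file to owner read-only (the post's chmod 400), then
# re-run the audit. Files with the wrong owner stay flagged, because
# changing ownership needs root and is left to the administrator.
lock_down_conf_dir() {
    audit_conf_dir "$1" "$2" | while IFS= read -r f; do
        chmod 400 "$f"
    done
    audit_conf_dir "$1" "$2"
}
```

Run the audit after any edit to the config, since editors and manual backups often create new files with the default umask rather than the restricted mode.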
