Introduction
The credential store provides a way to use passwords without exposing these to developers.
The server administrator is responsible for setting up the credential store and filling it with passwords. The server administrator should provide a list of available credentials to developers. These developers can use the identifier of a password.
There are two available ways to store passwords:
- a
json
file on disk; - in the Azure Key Vault.
Note
You can only use one of the methods simultaneously.
Prerequisites
An Azure environment should be available for Azure Key Vault.
Setting up a file-based credential store
The file-based credential store is a json
file that resides on disk, called credential_store.json
. This file must contain a single object, containing a set of key-value pairs, where:
- key is the identifier that developers should use,
- value contains the actual password.
Follow these steps to create a file-based credential store containing one password, with PasswordIdentifer
as an identifier.
Step | Action |
---|---|
1 | Create a new text file in the |
2 | Open |
3 | Enter the following information in the file: { |
4 | Save the file. |
5 | Go to the Superadmin Settings tab. |
6 | Add the following entry to the Server settings: "CredentialStore": { |
The identifier PasswordIdentifier
can now be used by developers and, when used, will result in the password s3cr3tp4ssw0rd
.
Below is an example of a credential_store.json
file for a credential store with multiple passwords.
{
"passwordIdentifier": "secr3tp4ssw0rd"
, "ldapServerPassword": "BBx^W2Vh(7!r_>!%"
, "oracleDatabasePassword": "~5u4$8HtCE>3mXpV"
, ...
}
Updated 2 months ago