Consider cleaning up security resources folder at the end of configure.sh

WASdev / ci.docker

Build scripts for Docker images (Dockerfiles) and Docker related utilities for WebSphere Liberty.

Apache License 2.0

124 stars 122 forks source link

Consider cleaning up security resources folder at the end of configure.sh #565

Open leochr opened 1 year ago

leochr commented 1 year ago

The configure.sh script starts and stops the server. This produces artifacts in /output/resources/security/ including keystore, truststore and ltpa key if appSecurity feature is enabled. Including these with the container images could be a security issue. Consider deleting these resources. Would it have impact on java cache (SCC) and impact server startup?

tjwatson commented 1 year ago

Would it have impact on java cache (SCC) and impact server startup?

The /output/resources/security folder should have nothing to do with the SCC. But it will impact container startup because when this directory is created it is because there is no configured certificate for SSL so each container image startup the certificate will have to be regenerated.