Encrypt usernames and passwords

[boyter]

Currently for convenience the usernames and passwords of the repositories are stored unencrypted. Need to encrypt them as well, but sadly they need to be reversible.

Should also look into storing a ssh key for this such that we dont need username or password.

[boyter]

This answer http://stackoverflow.com/questions/1205135/how-to-encrypt-string-in-java covers things quite well.

You can use Jasypt

With Jasypt, encrypting and checking a password can be as simple as...

StrongTextEncryptor textEncryptor = new StrongTextEncryptor(); textEncryptor.setPassword(myEncryptionPassword); Encryption:

String myEncryptedText = textEncryptor.encrypt(myText); Decryption:

String plainText = textEncryptor.decrypt(myEncryptedText);

[hskrtich]

Be aware, I get around needing passwords by installing the ssh key into the system and setting up ~/.ssh/config file

# Setup SSH keys
mkdir -p ~/.ssh/
cp /setup/RP-readonly_rsa.pem ~/.ssh/RP-readonly_rsa.pem
chmod 600 ~/.ssh/RP-readonly_rsa.pem

# Use a private key ssh key to connect to gerrit
echo "Host gerrit" >> ~/.ssh/config
echo "User RP-readonly" >> ~/.ssh/config
echo "IdentityFile ~/.ssh/RP-readonly_rsa.pem" >> ~/.ssh/config
echo "StrictHostKeyChecking no" >> ~/.ssh/config

[boyter]

That would work too actually... especially since you are calling out to the external git if I am not mistaken.

Something to keep in mind....

[hskrtich]

It works with the internal GIT as well.

[boyter]

Really? Now that is not something I expected!

That is a very cool outcome (all watching please note the coolness). Will have to add that to the documentation that I am working on. Going to leave this open till that is done.

https://github.com/boyter/searchcode-server/issues/50

[bert2002]

I think this solution should be presented in the FAQ, because with ssh I could not find anything on the website.