Currently all the passwords used in queue-triage are held in plain-text. It'd be preferable if these weren't held as plain-text values inside the config file, and possibly move this to something like Vault
When using Vault and the only thing that is held, is the path to the config, and you configure the Vault Client with an access token (in order to lookup the secret), which could be stored in file secured by *nix user/group permissions.
Currently Spring-Boot does offer Vault support, but if using Token based authentication (which is currently has the lowest barrier of entry), the token is only supported as a plain-text value inside the config, which defeats the point of what we're trying to achieve - which is extracting out sensitive values from the config file.
Currently all the passwords used in queue-triage are held in plain-text. It'd be preferable if these weren't held as plain-text values inside the config file, and possibly move this to something like Vault
When using Vault and the only thing that is held, is the path to the config, and you configure the Vault Client with an access token (in order to lookup the secret), which could be stored in file secured by *nix user/group permissions.
Currently Spring-Boot does offer Vault support, but if using Token based authentication (which is currently has the lowest barrier of entry), the token is only supported as a plain-text value inside the config, which defeats the point of what we're trying to achieve - which is extracting out sensitive values from the config file.