fortify-ps / FortifyBugTrackerUtility

Automated submission of FoD and SSC vulnerabilities to external systems
MIT License

Update documentation: support for environment variables #43

Closed rsenden closed 3 years ago

rsenden commented 4 years ago

Based on functionality provided by the Spring framework, the utility supports the use of system environment variables in the configuration file. This can be very useful for various purposes, so this functionality should be described in the utility documentation.

As an example, you could have some script to load credentials from some credential store, and pass these credentials to the utility using environment variables. That would avoid the need to hard-code the credentials in the configuration file, or to pass them in plain text through command-line options (which may expose these credentials in the operating system process list, for example).

With the above example in mind, you could add the following snippet to the utility configuration file to load the FoD user name and Personal Access Token from the FOD_USER and FOD_PAT environment variables:

    <util:map id="cliOptionsDefaultValues">
        <entry key="FoDUserName" value="#{systemEnvironment['FOD_USER']}" />
        <entry key="FoDPassword" value="#{systemEnvironment['FOD_PAT']}" />
    </util:map>

rsenden commented 3 years ago

Dedicated support for FBTU_* environment variables has been added to the utility, and is mentioned in the documentation and help output.
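
The wrapper-script approach described in the first comment, as an added example that is not part of the issue thread or the utility's own code: it loads the credentials, places them in the child's environment only (nothing on argv), and refuses to launch if the configuration file references a `systemEnvironment` variable that is not set. `fetch_secret`, `config_env_refs`, `run_with_fod_env` and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: hand FoD credentials to a child process via FOD_USER / FOD_PAT.

# Hypothetical credential-store lookup; replace with your vault or keyring CLI.
# The values returned here are constructed samples, not real credentials.
fetch_secret() {
  case "$1" in
    fod/user) printf '%s' 'svc-fbtu' ;;
    fod/pat)  printf '%s' 'constructed-sample-token' ;;
    *) return 1 ;;
  esac
}

# Print the variable names referenced as #{systemEnvironment['NAME']} in a config file.
config_env_refs() {
  grep -o "systemEnvironment\['[A-Za-z_][A-Za-z0-9_]*'\]" "$1" |
    sed "s/.*\['\(.*\)'\]/\1/" | sort -u
}

# run_with_fod_env CONFIG CMD [ARGS...]
# The function body is a subshell "( )", so the exported secrets never reach the
# calling shell, and they are never placed on the command line of CMD.
run_with_fod_env() (
  config=$1; shift
  FOD_USER=$(fetch_secret fod/user) || { echo "cannot load fod/user" >&2; exit 2; }
  FOD_PAT=$(fetch_secret fod/pat)   || { echo "cannot load fod/pat" >&2; exit 2; }
  export FOD_USER FOD_PAT
  # Fail before launch if the config references a variable that is unset or empty.
  # eval is safe here: names are restricted to identifiers by config_env_refs.
  for name in $(config_env_refs "$config"); do
    eval "val=\${$name:-}"
    [ -n "$val" ] || { echo "config needs $name, which is not set" >&2; exit 3; }
  done
  exec "$@"
)

# Usage: run_with_fod_env <config file> <utility command line without credentials>
```

Exit status 2 means a credential could not be loaded, and 3 means the configuration file refers to an environment variable the wrapper did not provide.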