[Security] Avoid storing explicit passwords in application.properties

futurewei-cloud / alcor

Alcor: Cloud native SDN platform powered by Kubernetes and Istio

MIT License

32 stars 33 forks source link

[Security] Avoid storing explicit passwords in application.properties #242

Open xieus opened 4 years ago

xieus commented 4 years ago

Context

Currently microservice configuration files (e.g. application.properties) store explicit passwords in order to access database and Keystone. This leaves with security concerns for production environment.

Requirements

Investigate for more secure solutions like PKI
Replace all explicit passwords in config files

cj-chung commented 4 years ago

I think passwords in a file (.conf or .yml) is not a problem, this file is for the deployment not for the development. OpenStack Ansible also use a specific file to save all passwords for all OpenStack services. We just need to add some codes to read a specific .conf or .yml file instead of putting credentials in the application properties. This conf or yml file should be prepared before deployment by human.

xieus commented 4 years ago

Right. The first step for us is to separate config files with source codes so that credential related files are only accessible by DevOps people instead of developer. More advanced password-less mechanism also could be considered.

cj-chung commented 4 years ago

Sprint Vault + HashiCorp maybe is a solution to solve the problem. They are all opensource. The idea is simple, just put secret data in the HashiCorp, and use Spring Vault in the program to retrieve the secret in the code. https://spring.io/projects/spring-vault https://www.vaultproject.io/