SecHub start, allow some config parts only as ENV variables - Githubissues

mercedes-benz / sechub

SecHub provides a central API to test software with different security tools.

https://mercedes-benz.github.io/sechub/

MIT License

259 stars 58 forks source link

SecHub start, allow some config parts only as ENV variables #3224

Open de-jcup opened 2 weeks ago

de-jcup commented 2 weeks ago

Situation

(This is related to #3223 ) but here we only focus on the security part.

We do not want to have the possibility that any tool on the SecHub machine would accidently store any sensitive data by event logs.

Wanted

Sensitive information may be not be defined with something else than environment variables

Solution

SecHub Solution

sechub solution run.sh script shall not use system properties for startup but only env variables

Java

Server startup shall check that sensitive information is only available via env env variables

Sensitive information are

spring.datasource.password
sechub.initialadmin.userid
sechub.initialadmin.userid
sechub.initialadmin.email
sechub.storage.*