RenanFG
commented
2 weeks ago I know there's a feature to encrypt the database password by adding this line into mirth.properties:
encryption.properties = 1
The password for the database is then encrypted once the mirth service starts. The feature is there it just need to be implemented to entire file content instead of just password.
+1 to this
Is your feature request related to a problem? Please describe. I am trying to make sure data at rest is encrypted where possible/practical. I would like to store all passwords used within mirth in the configuration map. It has connection strings and other confidential information. I don't mind it showing in the UI, though maybe it would be nice to also optionally prompt for a password when entering the configuration map editor.
But
Describe your use case I need this feature so I help ensure what's stored in a plain text file isn't information a hacker could potentially easily gain.
Describe the solution you'd like The main thing I'm after is encrypting the whole file on disk (/mirthconnect/appdata/configuration.properties), and then when mirth reads it in it decrypts it. It wouldn't change how the values are consumed, its just that when mirth writes or reads it encrypts the data so someone crawling the server wouldn't see its contents. This should be optional for those who don't want this additional level of security.
Describe alternatives you've considered Currently it requires me to encrypt and place the encrypted value in the configuration map, and then decrypt it before use, or decrypt on server start up, and place in global map.