Managing Encrypted Passwords in Release

Release provides a mechanism to automatically encrypt passwords and enables you to refer to them, so you do not need to store third-party passwords in plain text in configuration files. To declare a new third-party password:

To automatically encrypt passwords:

1. Add the password to the XL_RELEASE_SERVER_HOME/conf/xl-release-server.conf file:

   third.party.password=value

note

The key must end with .password.

1. Restart Release. The password will automatically be encrypted in the xl-release-server.conf file.

   third.party.password={aes\:v0}vEWwVYoSXqKXW+1Zro5u4KwFiMfsQJ0TJBeTsmtXgv8\=

2. Use the password in Spring configuration files. For example, if you declare ldap.xlrelease.password in the xl-release-server.conf file, then you can use it in the XL_RELEASE_SERVER_HOME/conf/xl-release-security.xml file:

   <bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
       <property name="password" value="${ldap.xlrelease.password}"/>
       ...
   </bean>

Using the password in an Integration plugin

This example shows you how to use the password in your plugin.

To begin, you need to add two classes to the plugin:

com.xebialabs.xlrelease.config.XlrConfig
com.xebialabs.deployit.util.PasswordEncrypter

The XlrConfig class allows you to access the password value stored in the xl-release-server.conf file. Whereas, the PasswordEncrypter class enables you retrieve the password in plain text.

To use the passwords in your plugin script:

1. Add the password to the release-server.conf file :

acme.password=somepassword

2. When you restart the server, the password will be stored as an encrypted string. For example:

acme.password={aes\:v0}vEWwVYoSXqKXW+1Zro5u4KwFiMfsQJ0TJBeTsmtXgv8\=

3. To retrieve the encrypted password value:

myTemp = XlrConfig.getInstance().getConfig(“acme.password”);

4. To retrieve the plain text password value:

myClearPassword = PasswordEncrypter.getInstance().decrypt(myTemp);