Managing Encrypted Passwords in Release
Release provides a mechanism to automatically encrypt passwords and enables you to refer to them, so you do not need to store third-party passwords in plain text in configuration files.
To automatically encrypt passwords:
-
Add the password to the
XL_RELEASE_SERVER_HOME/conf/xl-release-server.conffile:third.party.password=valuenoteAny secrets in the configuration file that have
passwordorsecretsuffix will be encrypted. -
Restart Release. The password will automatically be encrypted in the
xl-release-server.conffile:third.party.password={aes\:v0}vEWwVYoSXqKXW+1Zro5u4KwFiMfsQJ0TJBeTsmtXgv8\= -
Use the password in Spring configuration files. For example, if you declare
ldap.xlrelease.passwordin thexl-release-server.conffile, then you can use it in theXL_RELEASE_SERVER_HOME/conf/xl-release-security.xmlfile:<bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<property name="password" value="${ldap.xlrelease.password}"/>
...
</bean>
Using the Password in an Integration Plugin
This example shows you how to use the password in your plugin.
To begin, you need to add two classes to the plugin:
com.xebialabs.xlrelease.config.XlrConfig
com.xebialabs.deployit.util.PasswordEncrypter
The XlrConfig class allows you to access the password value stored in the xl-release-server.conf file. Whereas, the PasswordEncrypter class enables you retrieve the password in plain text.
To use the passwords in your plugin script:
-
Add the password to the release-server.conf file:
acme.password=somepassword -
When you restart the server, the password will be stored as an encrypted string:
acme.password={aes\:v0}vEWwVYoSXqKXW+1Zro5u4KwFiMfsQJ0TJBeTsmtXgv8\= -
To retrieve the encrypted password value:
myTemp = XlrConfig.getInstance().getConfig("acme.password"); -
To retrieve the plain text password value:
myClearPassword = PasswordEncrypter.getInstance().decrypt(myTemp);