1

I have a concern about putting configuration that consist of db password, server name, and other services settings of my app or service.

Right now, I put the config file on the same place with my codes (Git). This is risky because if someone get it, he / she can connect to my db or services. I am also using CI/CD development tool like Jenkins. Where I should put my config so when I am running my pipelines or auto deployment so my config file is ready ?

  1. Git, same place with my code
  2. Jenkins, creating file and put it inside everytime CI is running
  3. Hidden Drive, pull the config file by Jenkins command when deployment is running
  4. Any other ideas ?

Thank You

Adityo Setyonugroho
  • 877
  • 1
  • 11
  • 29

2 Answers2

1

Have you tried any of the credential specific Jenkins plugins? If the credentials are utilized in your Jenkins job, these should be adequate.

Credentials Plugin: https://wiki.jenkins-ci.org/display/JENKINS/Credentials+Plugin

Plain Credential: https://wiki.jenkins-ci.org/display/JENKINS/Plain+Credentials+Plugin

You may also want to look into ways that your server configuration management tool handles private credentials. For instance, Chef allows encrypted databags to store credentials to be utilized by any node connected to the Chef server.

Preston Martin
  • 2,789
  • 3
  • 26
  • 42
1

One strategy is to store your config file in a separate git repo (with limited access), and import the repo into your app repos through git submodule. It is still good to store everything in git, as you get the same backup benefit from your git hosting providers, plus you can version control your changes.

If privacy is really a big concern for you, you can always encrypt the config files in git, and store the key in Jenkins to decrypt those.

Ang
  • 111
  • 4