2

So I need to find a way to use sensitive details (authentication username, password, etc.) in my WSO2 proxies and sequences without hardcoding them or extracting them from a local entry (like I am currently doing). In production my WSO2 MI is deployed in AWS, and I want to be able to store the passwords somewhere where they get extracted only on deployment and then used.

I was reading about storing passwords in a file or in a YAML in AWS, but I'm not sure what would be the optimal solution... So far I'm storing my credentials in a local entry and they are referenced from there by my sequences. I don't want to use a secret vault either.

ahinsa

1 Answer

3

The most secure way is to use Secure Vault to encrypt the passwords and inject them into the deployment.toml when deploying the server. Take a look at this. Then you can use them like below within your integration.

<property expression="wso2:vault-lookup('synapse_secret')" name="secret"/>

If you are OK with storing sensitive values in plain text, you can store the values in a properties file called file.properties. If you are using a different file name, you can pass it to the server startup script like -Dproperties.file.path=/home/dev/dev.properties. Then you can read them through a Property Mediator. Check this. Example below.

<property expression="get-property('file', 'propertyName')" name="secret"/>
ycr
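For the plain-text properties file route in the answer above, the file is best rendered at deploy time and kept readable by the server's user only. The script below is an added example, not part of the original answer; the `write_props` and `props_flag` helpers, the environment variable names and the lowercased-key convention are assumptions.

```shell
#!/bin/sh
# Added example, not from the answer. Variable names and paths are assumptions.

# write_props <file> <ENV_VAR>...
# Writes one "<lowercased var name>=<value>" line per variable into <file>.
write_props() {
    target=$1; shift
    tmp=$(mktemp "${target}.XXXXXX") || return 1   # mktemp creates the file 0600
    for var in "$@"; do
        case $var in
            ''|[0-9]*|*[!A-Za-z0-9_]*) rm -f "$tmp"; return 1 ;;  # keeps eval safe
        esac
        eval "val=\${$var-}"
        case $val in
            ''|*'
'*)         # fail closed: unset/empty, or a newline that would add a second property
                rm -f "$tmp"
                echo "unusable value in \$$var" >&2
                return 1 ;;
        esac
        key=$(printf '%s' "$var" | tr '[:upper:]' '[:lower:]')
        printf '%s=%s\n' "$key" "$val" >> "$tmp"
    done
    mv -f "$tmp" "$target"    # atomic replace; the 0600 mode travels with the file
}

# props_flag <file>
# Prints the startup flag from the answer, but only for an owner-only file.
props_flag() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)   # group + other permission bits
    if [ "$perms" != "------" ]; then
        echo "refusing $1: missing or readable beyond its owner" >&2
        return 1
    fi
    printf '%s\n' "-Dproperties.file.path=$1"
}

# Usage at deploy time (SYNAPSE_SECRET injected by the deployment environment):
#   write_props /home/dev/dev.properties SYNAPSE_SECRET &&
#   flag=$(props_flag /home/dev/dev.properties)   # pass "$flag" to the startup script
```

With this convention the value written for `SYNAPSE_SECRET` is read in a sequence as `get-property('file', 'synapse_secret')`.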