...

The ACLI Shell can also create Secure Properties entries as part of its guided site configuration functionality, which can be launched using the slash-command, /sites add.

Working with Secure Properties

Using Secure Properties consists of three main steps:

  • Creating a key store

  • Referencing secrets in the acli.properties file

  • Unlocking the key store

Creating a key store

...

When you create the key store file (named .acli.keystore), it can be found in your home directory.

Each ACLI user on a given system has their own such file. Note that on a multi-user system, each user is required to maintain their own ACLI installation.

The key store file path can be overridden to point to an alternative location through the use of the environment variable ACLI_SECURE_PROPERTIES. This can be useful if you need to work with multiple key stores or multiple installations of ACLI, but typically should not be needed.

To create a key store, run the action setSecureProperty, as shown in the example:

$ acli system setSecureProperty --name my.secret --secret -
Enter secure value: <secret value prompt>
Secure properties file does not yet exist. Creating...
Enter new secure properties password: <new password prompt>
Confirm secure properties password: <new password prompt>
Remember your password, it cannot be recovered!
Secure properties file created.
Value for key 'my.secret' set in secure properties file.

In the example, the value given for the --secret parameter is a single hyphen (-). This indicates that the value should be obtained via an interactive prompt (or read from stdin if not connected to a tty).

We strongly recommend that you use this method to provide sensitive values so that they are not accidentally recorded in your shell history, where they would end up stored in plain text anyway!

The sequence in ACLI is:

  1. First ACLI prompts for the value of the secret to be stored.

  2. ACLI prompts for the new key store file password (with confirmation).

Note

The key store requires a non-blank password. Once created, do not forget the password!

Key store passwords cannot be recovered by ACLI support.

If your password is ever compromised, you should consider the contents of the key store to also be compromised and rotate any secrets it contains accordingly.
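
To check whether a secret has already been typed on the command line instead of being entered through the - prompt, the following added example (not part of ACLI or its documentation) scans a shell history file for setSecureProperty invocations whose --secret value is anything other than -. It reports line numbers only, so the values are not echoed again; the --secret=value form and the sample history lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not ACLI code: find shell-history lines where a secret was
# passed inline to setSecureProperty instead of via "--secret -".

# Print the line number of every offending line in the history file "$1".
# Only line numbers are printed, never the secret itself.
find_inline_secrets() {
    awk '
    /setSecureProperty/ {
        for (i = 1; i <= NF; i++) {
            # Form shown on the page: "--secret <value>"; "-" means prompt/stdin.
            if ($i == "--secret" && i < NF && $(i + 1) != "-") { print NR; next }
            # Assumed alternative form: "--secret=<value>".
            if ($i ~ /^--secret=/ && $i != "--secret=-") { print NR; next }
        }
    }' "$1"
}

# Constructed sample history (values are made up). Line 4 uses the zsh
# extended-history prefix to show that timestamped entries are handled too.
sample=$(mktemp)
cat > "$sample" <<'EOF'
acli system setSecureProperty --name my.secret --secret -
acli system setSecureProperty --name my.secret --secret constructed-value-1
ls -la
: 1700000000:0;acli system setSecureProperty --name other.secret --secret=constructed-value-2
echo "$VAL" | acli system setSecureProperty --name piped.secret --secret -
EOF

for n in $(find_inline_secrets "$sample"); do
    echo "history line $n: secret passed on the command line; rotate it"
done
rm -f "$sample"
```

Point the function at your own history file (for example ~/.bash_history) and treat any secret on a reported line as exposed.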

Once created, the key store file (named .acli.keystore) can be found in your home directory.

...

Referencing secrets in acli.properties

...