🤔 Description
To ensure a higher level of credential security that may be required in specific industries, ACLI 11.0 introduces the Secure Properties functionality.
...
Working with Secure Properties
Secure Properties adds a further security check by consulting the Secure Properties key store for the Secure Properties key variable. This check is only performed when the variable reference contains the prefix secret. To distinguish Secure Properties keys from all other variables, they are prefixed with secret.
You can define when the variable is looked up in the key store by setting the environment variable to actions for creating, updating, reading, and deleting values in an encrypted key store. This key store can then act as a source of variable values that can be referenced in acli.properties.
Prior to the introduction of secure properties, resolution of variables in the acli.properties configuration file included a search of these locations:
other properties defined in acli.properties
Java system properties
runtime environment variables
The Secure Properties key store adds a fourth location from which variables may be resolved. By default, this location is only consulted for values if the variable name contains the secret: prefix. This behavior can be overridden so that the prefix is no longer required, causing the key store to be consulted as a fourth possible search location even when the secret: prefix is not present. You can perform this override by setting ACLI_SECURE_PROPERTIES_SAFE_MODE=false; the key store is then always checked.
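A small model of the lookup described above, as an added example that is not ACLI's own code: it reports which variable references are answered from the key store with the default behavior and with ACLI_SECURE_PROPERTIES_SAFE_MODE=false. Assumptions made here: the first location holding a name wins, the secret: prefix is stripped before the key store lookup, prefixed names are looked up only in the key store, and every name and value below is constructed.

```python
PREFIX = "secret:"  # prefix named on the page
SAFE_MODE_VAR = "ACLI_SECURE_PROPERTIES_SAFE_MODE"


def safe_mode(env):
    # Page: the prefix is required by default; setting the variable to
    # "false" removes that requirement.
    return env.get(SAFE_MODE_VAR) != "false"


def resolve(name, props, sysprops, env, keystore):
    """Return (value, source) for a variable name, or (None, None)."""
    prefixed = name.startswith(PREFIX)
    key = name[len(PREFIX):] if prefixed else name  # assumption: prefix stripped
    if not prefixed:  # assumption: prefixed names skip the first three locations
        # The three locations searched before Secure Properties existed.
        for source, table in (("acli.properties", props),
                              ("system property", sysprops),
                              ("environment", env)):
            if key in table:  # assumption: first match wins
                return table[key], source
    # Fourth location: prefixed names, or any name once safe mode is off.
    if (prefixed or not safe_mode(env)) and key in keystore:
        return keystore[key], "key store"
    return None, None


def answered_by_keystore(names, props, sysprops, env, keystore):
    """Names whose value would come out of the encrypted key store."""
    return sorted(n for n in names
                  if resolve(n, props, sysprops, env, keystore)[1] == "key store")


# Constructed sample data, not taken from a real installation.
PROPS = {"jira.url": "https://jira.example.test"}
SYSPROPS = {"user.name": "builder"}
KEYSTORE = {"jira.token": "constructed-value", "user.name": "svc-account"}
REFS = ["jira.url", "secret:jira.token", "jira.token", "user.name"]

if __name__ == "__main__":
    for env in ({}, {SAFE_MODE_VAR: "false"}):
        print(env or "default", answered_by_keystore(REFS, PROPS, SYSPROPS, env, KEYSTORE))
```

With the override set, the unprefixed jira.token reference starts returning the stored secret, which is the widening to review before disabling safe mode.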
Using Secure Properties consists of three main steps:
Creating a key store
Referencing secrets in the acli.properties file
Unlocking the key store
...