将私有配置应用程序密码保留在源代码之外的策略 [英] Strategies for keeping private configuration application passwords out of the Source code

问题描述

我们正在研究如何将私钥，应用程序密码等保留在所有可能不安全的位置，例如JNDI，源代码，因此完全在GIT / SVN版本控制系统之外

。

这是我能想到的：

将服务器上的密钥存储为系统变量并在运行时获取它们

将密钥存储在私有数据库（如Redis / Raik）并在服务器上配置数据源，通过JNDI获取数据源以查询密钥



任何其他想法/建议/评论??

另一个目标是我们仍然可以自动更改此配置，并将其保持在Contionus集成/自动部署代码的范围内。配置

解决方案

我想知道我们是否有关于这个论点的一篇或多篇文章...... [ ^ ]。

We are looking at ways to keep the private keys, application password etc. out of all possible insecure locations such as JNDI, Source Code and thus completely outside of GIT/SVN version control system
.
Here's what I can think of:
Storing the keys on the server as System variables and grab them at runtime
Storing the keys in a private database (such as Redis/Raik) and configure the datasource on the server, grab the datasource through JNDI to query for the keys

Any other ideas/suggestions/comments??
Another goal is that we are still able to automate the changes to this config and keep it under the purview of the Contionus Integration/Automated deployment of code & configuration

解决方案

I wonder if we have one or more articles on this very argument...[^].

这篇关于将私有配置应用程序密码保留在源代码之外的策略的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！