[Geoserver-devel] [JIRA] (GEOS-9516) Secrets are currently stored in a file as plain text - suggest move to KeyStore

goto theant created an issue

GeoServer / New Feature GEOS-9516

Secrets are currently stored in a file as plain text - suggest move to KeyStore

Issue Type: New Feature
Affects Versions: 2.16.2
Assignee: Unassigned
Components: PostGIS, Security
Created: 26/Feb/20 11:10 AM
Priority: Medium
Reporter: goto theant

Summary: using GeoServer along with postgresql/postgis in Azure - wish to mitigate the risk of the file containing the secrets stored as plain text from being read - is it possible to store the secrets in the KeyStore instead?

Ian Turton from Astun, with whom we spoke, has suggested we raise this as a feature request.

Problem description:

We are trying to set up a connection to PostGIS in GeoServer without manual intervention or any type of post-deployment configuration.

Our GeoServer runs as a Docker container.

We have decided to store our configuration in source control.

We have a datastore.xml file, which has the following entry, which has been extracted from a configuration file after setting up the connection to PostGIS manually:

<entry key="passwd">crypt2:[some encrypted text here]</entry>

When we attempt to start geoserver with this configuration, we get the following error:

2020-02-24 13:28:26,382 WARN [org.geoserver] - Failed to load data store 'PostGis'
com.thoughtworks.xstream.converters.ConversionException:
---- Debugging information ----
cause-exception : org.jasypt.exceptions.EncryptionOperationNotPossibleException
cause-message : null
class : org.geoserver.catalog.impl.DataStoreInfoImpl
required-type : org.geoserver.catalog.impl.DataStoreInfoImpl
converter-type : org.geoserver.config.util.XStreamPersister$StoreInfoConverter
line number : 40
version : 2.16.1

at com.thoughtworks.xstream.core.TreeUnmarshaller.convert(TreeUnmarshaller.java:77)
[…] long stack trace

We believe there is a key used for encryption, which is generated on the first run of GeoServer – we have looked at the value stored in geoserver.jceks, which in fact changes if we spin up another instance of GeoServer on the same machine (i.e. rebuild the Docker image and run again). This would be an issue if we scale out our number of container instances, as each instance will have its own unique key in geoserver.jceks.

Storing the password in plain text as <entry key="passwd">plain:MySecretPassword</entry> works fine.

Any advice on how to progress with this? Have you got any suggestions/advice with regards to storing GeoServer PostGIS configuration in source control?

It was suggested to use a REST API to configure the connection after deployment, however we believe this is just going to store the password in plain text as well.
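
An added example, not part of the original report and not GeoServer code: a check that can run over a data directory kept in source control and report, for each datastore.xml, whether its passwd entry carries the plain: or crypt2: prefix quoted above. The XML elements around the passwd entry, the directory layout and the sample values are assumptions constructed for the demonstration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample; element names other than <entry key="passwd"> are assumed.
SAMPLE = """<dataStore>
  <name>{name}</name>
  <connectionParameters>
    <entry key="user">geoserver</entry>
    <entry key="passwd">{passwd}</entry>
  </connectionParameters>
</dataStore>
"""

def classify(value):
    """Map a passwd value to a status using the two prefixes the report shows."""
    value = (value or "").strip()
    if value.startswith("plain:"):
        return "plaintext"
    if value.startswith("crypt2:"):
        return "encrypted"
    return "unrecognized"

def scan(data_dir):
    """Return (relative path, store name, status) for each passwd entry found."""
    findings = []
    for path in sorted(Path(data_dir).rglob("datastore.xml")):
        rel = path.relative_to(data_dir).as_posix()
        try:
            root = ET.parse(str(path)).getroot()
        except ET.ParseError:
            findings.append((rel, "?", "unparseable"))
            continue
        name = root.findtext("name", default="?")
        for entry in root.iter("entry"):
            if entry.get("key") == "passwd":
                findings.append((rel, name, classify(entry.text)))
    return findings

def demo():
    """Build a throwaway data directory with two constructed stores and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, passwd in (("pg_crypt", "crypt2:CONSTRUCTED"), ("pg_plain", "plain:example")):
            store = Path(tmp, "workspaces", "demo", name)
            store.mkdir(parents=True)
            (store / "datastore.xml").write_text(SAMPLE.format(name=name, passwd=passwd))
        return scan(tmp)

if __name__ == "__main__":
    for rel, name, status in demo():
        print(f"{status:12} {name:10} {rel}")
```

A crypt2: result only shows that the value is not stored in the clear; as the report describes, loading it still depends on the instance holding the matching geoserver.jceks.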
