Encrypting Passwords
  • Dark
    Light
  • PDF

Encrypting Passwords

  • Dark
    Light
  • PDF

The properties.json file will likely contain passwords. As a best practice, use the rule of least privilege any time this file is managed.

  1. Set the file system permissions to user-read.

    chmod 0600 /opt/pronghorn/current/properties.json
    
  2. Change to the following directory.

    /opt/pronghorn/current/node_modules/@itential/pronghorn-core/utils
    
  3. Use the IAP encrypt tool to encrypt sensitive passwords before saving them in the properties.json file.

    $ node encrypt.js password
    Encrypted Password: $ENC93eb9439537ae34196db49409dd0261a8b87218fafd0419
    

    Note: The encrypt.js tool will respond with a string that starts with $ENC. Use this string when configuring passwords in the properties.json file.

  4. Store the entire string below in the properties.json file without exposing the password.

    "mongoProps": {
        "db": "pronghorn",
        "url": "mongodb://localhost:27017",
        "credentials": {
            "dbAuth": true,
            "user": "pronghorn",
            "passwd": "$ENC82ee8a234a69f15bdb8e05409cda2418878b2f85af"
        }
    }
    
  5. Alternatively, use the Vault Encryption feature. See the HashiCorp Vault Encryption guide to learn more.