Hi Josefin,

While you are correct that DSpace will store these settings in a plain text 
configuration file by default, this is *not required* for Production 
scenarios. 

In Production, sites may choose to instead specify these same settings via 
Environment Variables or System properties.

For details on using environment variables see our documentation for 
Reloading/Overriding 
Configurations: 
https://wiki.lyrasis.org/display/DSDOC9x/Configuration+Reference#ConfigurationReference-ConfigurationSchemeforReloadingandOverriding

So, institutions can decide which approach they wish to use.  Obviously, if 
you store the password in plain text, then you would need to ensure that 
file is secured as much as possible.  This is why many institutions choose 
to use Environment Variables for configurations which they wish to keep 
more secure.

Hopefully that helps explain the options better.

Tim

On Monday, February 16, 2026 at 10:23:32 AM UTC-6 Josefin Wahlström wrote:

> Hello,
>
>  
>
> We’re currently looking at the security of DSpace and noticed that the 
> database password is supposed to be stored in clear text in local.cfg. 
>
>  
>
> I’m wondering what the motivation for this is, and if anyone has an 
> alternative solution to saving the password in clear text?
>
>  
>
> Best Regards,
>
>  
>
> Josefin Wahlström
>
> Sveriges lantbruksuniversitet
>
>
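Added example, not part of the message above and not DSpace project code: a small shell audit that flags a world-readable local.cfg and any listed secret still assigned there in clear text, and prints the environment variable name to use instead. It assumes the name mapping given in the linked Configuration Reference ("." becomes `__P__`, "-" becomes `__D__`); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a DSpace local.cfg for clear-text secrets.

# Map a DSpace property name to its environment-variable name
# ("." -> "__P__", "-" -> "__D__", per the Configuration Reference).
dspace_env_name() {
    printf '%s\n' "$1" | sed -e 's/\./__P__/g' -e 's/-/__D__/g'
}

# Succeeds (0) if the file assigns a non-empty literal value to the property.
# Commented-out lines do not match because the key must start the line.
cfg_has_cleartext() {
    pat=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -Eq "^[[:space:]]*${pat}[[:space:]]*[=:][[:space:]]*[^[:space:]]" "$1"
}

# Succeeds (0) if the file's mode grants read access to "other" users.
cfg_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Print one finding per problem; return status 1 if anything was found.
audit_cfg() {
    cfg=$1; shift; rc=0
    if cfg_world_readable "$cfg"; then
        echo "FINDING: $cfg is world-readable; restrict it to the DSpace service account"
        rc=1
    fi
    for prop in "$@"; do
        if cfg_has_cleartext "$cfg" "$prop"; then
            echo "FINDING: $prop is set in $cfg; supply it as $(dspace_env_name "$prop") instead"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample local.cfg (placeholder values) for a dry run.
write_sample_cfg() {
    cat > "$1" <<'EOF'
# constructed sample, not a real configuration
dspace.dir = /dspace
db.username = dspace
db.password = example-placeholder
#mail.server.password = commented-out
EOF
    chmod 644 "$1"
}
# Usage: audit_cfg [dspace]/config/local.cfg db.password mail.server.password
```

Moving the value to an environment variable only helps if the clear-text line is also removed from local.cfg and the variable is set in a place (service unit, container secret) with tighter access than the file had.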
