Re: RFE: read keystorePass from file
Luca,

On 4/16/15 4:16 PM, Luca Menegus wrote:
> Hi Chris,
>
> let me describe what I'm trying to do in more detail.
>
> Goals:
> * Completely automate tomcat deployment, and make sure deployment is
>   reproducible and testable in different environments (hence we use
>   ansible+git to manage installation and _configuration for tomcat)
> * Do not do stupid things (like storing passwords or keys in SCM) just
>   because we want to automate
> * Be as secure as possible

I completely understand.

> (Working) implementation:
>
> I install and configure tomcat with ansible (server.xml is an ansible
> template; on every run ansible re-generates the template and compares it
> to the deployed version, so it needs to be able to read the deployed
> server.xml). Then I generate a random pin file, the keystore and the
> private keys (and related cert requests) with ansible on the target
> host. (Thanks to Jan's suggestion) I can now instruct tomcat to read the
> pin from the pin file. I do not need to store pin/keys in SCM.

So what have you bought yourself? If Ansible can templatize server.xml, why not simply have it enter the auto-generated pin into the server.xml as it's deployed? I really don't understand why it must be a separate file.

Does anyone have access to the Tomcat server who should never see the pin for the keystore? If so, don't give them file-permission-access to the server.xml file.

Are you worried about Tomcat being compromised and revealing the contents of server.xml? The Tomcat process needs access to the external pin file, so you haven't protected against this attack, either.

> I'm running on linux so I can install the following audit rule:
>
> auditctl -w [pin file] -p warx -F auid!=tomcat -F auid!=4294967295
>
> so *at least* I'm sure that access to the pin file made by anybody but
> the tomcat user would be logged (so I know when I was compromised and
> need to rekey the cert).

So why not simply use that rule with server.xml?

> This rule doesn't trigger when I am comparing the deployed server.xml
> with the expected version or the deployed keystore (as to check the
> presence of the key I do not need the key pin).

So you trust Ansible to build-out and deploy the server, but not to read the pin file? Ansible is the *source* of the pin file, so you'd better trust it.

> It only triggers when I generate the initial pin, somebody compromises
> my box, or I need to renew certs (which are all events I like to be
> informed about).

How do you detect compromise?

> Now back to the tomcat relevant stuff:
>
> (at least) in my setup I find it valuable to be able to read secrets
> from files I can protect with specific audit rules.

Again, why not simply protect server.xml with such audit rules?

> Jan suggested to me a viable (and easily implemented) way to do it [1],
> so I'm ok.

I'm glad he was able to help. Konstantin's suggestion 2 days prior had the same solution (you just had to follow the link he posted).

> Now the question is, given how easy it is to implement Jan's solution,
> do you think my use case deserves an RFE (something like adding a
> keyPassFile attribute to the Connector)?

I don't yet see a justifiable position of how it improves security in any way. I'm happy to implement the feature myself if you can explain how it improves security in any meaningful way.

> I do not know tomcat enough to answer, but if you say so I'll post a
> BUG.

It's definitely an "enhancement" if anything.

> Regards and thanks for your help,
> Luca
>
> [1]
> - Add -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=FilePropertySource
>   to CATALINA_OPTS
> - deploy a jar in tomcat lib with the following class:
>
>     public class FilePropertySource implements
>             org.apache.tomcat.util.IntrospectionUtils.PropertySource {
>
>         @Override
>         public String getProperty(String name) {
>             if (name.startsWith("file://")) {
>                 try {
>                     return readFile(name.substring(7));
>                 } catch (IOException e) {
>                     throw new RuntimeException("Unable to dereference property " + name, e);
>                 }
>             }
>             return null;
>         }
>
>         String readFile(String fileName) throws IOException {
>             FileReader br = new FileReader(fileName);
>             try {
>                 StringBuilder sb = new StringBuilder();
>                 char[] buff = new char[4096];
>                 int read = -1;
>                 while ((read = br.read(buff)) != -1) {
>                     sb.append(buff, 0, read);
>                 }
>                 return sb.toString();
>             } finally {
>                 br.close();

This finally block can throw an NPE. Also note that an IOException thrown from br.close() can cause any in-flight exception to be lost.

>             }
>         }
>     }
>
> - in server.xml use it like ${file:///bla/bla/bla}

-chris
Re: RFE: read keystorePass from file
Hi Chris,

let me describe what I'm trying to do in more detail.

Goals:
* Completely automate tomcat deployment, and make sure deployment is reproducible and testable in different environments (hence we use ansible+git to manage installation and _configuration for tomcat)
* Do not do stupid things (like storing passwords or keys in SCM) just because we want to automate
* Be as secure as possible

(Working) implementation:

I install and configure tomcat with ansible (server.xml is an ansible template; on every run ansible re-generates the template and compares it to the deployed version, so it needs to be able to read the deployed server.xml). Then I generate a random pin file, the keystore and the private keys (and related cert requests) with ansible on the target host. (Thanks to Jan's suggestion) I can now instruct tomcat to read the pin from the pin file. I do not need to store pin/keys in SCM.

I'm running on linux so I can install the following audit rule:

auditctl -w [pin file] -p warx -F auid!=tomcat -F auid!=4294967295

so *at least* I'm sure that access to the pin file made by anybody but the tomcat user would be logged (so I know when I was compromised and need to rekey the cert).

This rule doesn't trigger when I am comparing the deployed server.xml with the expected version or the deployed keystore (as to check the presence of the key I do not need the key pin). It only triggers when I generate the initial pin, somebody compromises my box, or I need to renew certs (which are all events I like to be informed about).

Now back to the tomcat relevant stuff:

(at least) in my setup I find it valuable to be able to read secrets from files I can protect with specific audit rules.

Jan suggested to me a viable (and easily implemented) way to do it [1], so I'm ok.

Now the question is, given how easy it is to implement Jan's solution, do you think my use case deserves an RFE (something like adding a keyPassFile attribute to the Connector)?

I do not know tomcat enough to answer, but if you say so I'll post a BUG.

Regards and thanks for your help,
Luca

[1]
- Add -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=FilePropertySource to CATALINA_OPTS
- deploy a jar in tomcat lib with the following class:

    import java.io.FileReader;
    import java.io.IOException;

    public class FilePropertySource implements
            org.apache.tomcat.util.IntrospectionUtils.PropertySource {

        // Tomcat calls this for every ${...} token in server.xml;
        // only tokens of the form ${file:///path} are handled here.
        @Override
        public String getProperty(String name) {
            if (name.startsWith("file://")) {
                try {
                    return readFile(name.substring(7));
                } catch (IOException e) {
                    throw new RuntimeException("Unable to dereference property " + name, e);
                }
            }
            return null;
        }

        // Returns the whole file content as the property value.
        String readFile(String fileName) throws IOException {
            FileReader br = new FileReader(fileName);
            try {
                StringBuilder sb = new StringBuilder();
                char[] buff = new char[4096];
                int read = -1;
                while ((read = br.read(buff)) != -1) {
                    sb.append(buff, 0, read);
                }
                return sb.toString();
            } finally {
                br.close();
            }
        }
    }

- in server.xml use it like ${file:///bla/bla/bla}

----- Original Message -----
> From: "Christopher Schultz"
> To: "Tomcat Users List"
> Sent: Thursday, April 16, 2015 7:22:21 AM
> Subject: Re: RFE: read keystorePass from file
Re: RFE: read keystorePass from file
Hi Jan,

thank you very much for your suggestion: it solves my use case and works like a charm!

Regards,
Luca

----- Original Message -----
> From: "Jan Vávra"
> To: "Tomcat Users List"
> Sent: Thursday, April 16, 2015 8:29:38 AM
> Subject: Re: RFE: read keystorePass from file

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RFE: read keystorePass from file
Hello,

> Hi,
>
> I'd like to suggest the addition of an option that would allow reading the
> keystore password (the password protecting the private key used by secure
> connectors) from file.

for such things I use a java define for the tomcat process:

-Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=MyPropertySource

MyPropertySource is my class from a jar in tomcat/lib:

    public class MyPropertySource implements
            org.apache.tomcat.util.IntrospectionUtils.PropertySource
    {
        @Override
        public String getProperty(String key)
        {
            return some_value;
        }
    }

So I'm able to read e.g. the database connection string and password from /etc/myapp.config, and in this class I even decrypt passwords. So passwords can be encrypted in my config.

In context.xml I do write:

        username="${myapp.db.username}"
        password="${myapp.db.password}"
        ...
    />

> My use case:
>
> I manage tomcat configuration including server.xml with a Configuration
> System (Ansible).
> This allows me to template and store tomcat configuration in a Source
> Control System (as I do for other services).
> The problem is that I need a secure tomcat connector and the only way to
> provide a password to protect private keys seems to be to write it in
> server.xml.
> Which means that the password ends up being committed to SCM (defeating the
> purpose of protecting the keystore with a password).
> If tomcat could read the password from a file then I could generate it
> randomly on the target host and store it in a file only tomcat can read.
>
> I hope my suggestion could be considered and I'm ready to further discuss
> my use case if further information is required.
>
> Regards,
> Luca
>
> PS: this has nothing to do with obfuscating the password (which has already
> been discussed on this list)

Jan.
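The following is an added example written for this page; it is not Jan's, Luca's, or Tomcat's own code. It implements the file-backed PropertySource that Jan describes above and that Luca posted earlier in the thread, but written the way Chris's review comments ask for: no finally/close() that can throw on its own or mask an in-flight exception. It also handles two failure modes the thread's version does not: a pin file written with `echo` (or any editor) carries a trailing newline, which would silently become part of the password, and a pin file that is readable by other users defeats the point of keeping it out of server.xml. Only the `org.apache.tomcat.util.IntrospectionUtils.PropertySource` interface and the `org.apache.tomcat.util.digester.PROPERTY_SOURCE` system property named in the thread are Tomcat's; the class name, the `file://` prefix, the size limit and the permission policy are this example's own choices.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

import org.apache.tomcat.util.IntrospectionUtils;

/*
 * Added example (not from the thread or from Tomcat). Resolves tokens of the
 * form ${file:///absolute/path} in server.xml / context.xml to the contents
 * of that file. Register it with
 *   -Dorg.apache.tomcat.util.digester.PROPERTY_SOURCE=FilePropertySource
 * in CATALINA_OPTS and ship the compiled class in a jar under tomcat/lib.
 */
public class FilePropertySource implements IntrospectionUtils.PropertySource {

    private static final String PREFIX = "file://";

    // A keystore pin is a few dozen bytes; refuse anything that is clearly
    // not a secret file (wrong path, binary blob, etc.). Example's own limit.
    private static final long MAX_BYTES = 4096;

    @Override
    public String getProperty(String name) {
        if (name == null || !name.startsWith(PREFIX)) {
            return null; // not our token; leave it unresolved for this source
        }
        Path path = Paths.get(name.substring(PREFIX.length()));
        try {
            return readSecret(path);
        } catch (IOException e) {
            // Fail startup loudly rather than configure an empty or wrong password.
            throw new IllegalStateException("Unable to dereference property " + name, e);
        }
    }

    /*
     * Files.readAllBytes opens and closes the file itself, so there is no
     * finally/close() that could throw on its own or hide a read() failure.
     */
    static String readSecret(Path path) throws IOException {
        if (!Files.isRegularFile(path)) {
            throw new IOException("not a regular file: " + path);
        }
        if (Files.size(path) > MAX_BYTES) {
            throw new IOException("secret file too large: " + path);
        }
        rejectIfReadableByOthers(path);
        String value = stripLineTerminators(
                new String(Files.readAllBytes(path), StandardCharsets.UTF_8));
        if (value.isEmpty()) {
            throw new IOException("secret file is empty: " + path);
        }
        return value;
    }

    /*
     * Policy of this example: a pin file that group or world can read is a
     * deployment mistake, so refuse to start with it. Non-POSIX filesystems
     * (no permission bits) are skipped rather than rejected.
     */
    static void rejectIfReadableByOthers(Path path) throws IOException {
        Set<PosixFilePermission> perms;
        try {
            perms = Files.getPosixFilePermissions(path);
        } catch (UnsupportedOperationException e) {
            return;
        }
        if (perms.contains(PosixFilePermission.GROUP_READ)
                || perms.contains(PosixFilePermission.OTHERS_READ)) {
            throw new IOException("secret file is readable by group/others: " + path);
        }
    }

    /*
     * "echo pin > file" and most editors append "\n" (or "\r\n"). A password
     * with a newline glued onto it never matches the keystore, so trailing
     * line terminators are dropped. Interior whitespace is kept: it may be
     * part of the password.
     */
    static String stripLineTerminators(String s) {
        int end = s.length();
        while (end > 0 && (s.charAt(end - 1) == '\n' || s.charAt(end - 1) == '\r')) {
            end--;
        }
        return s.substring(0, end);
    }
}
```

Compile it against the tomcat-util jar of the same Tomcat build, and reference the pin in server.xml exactly as the thread does, e.g. `keystorePass="${file:///etc/tomcat/keystore.pin}"` (the path is a placeholder). Because every failure is thrown rather than swallowed, a missing, empty, oversized or over-permissive pin file stops Tomcat at startup with the offending token in the message, instead of leaving a connector up with a password you did not intend.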
Re: RFE: read keystorePass from file
Luca,

On 4/15/15 5:40 PM, Luca Menegus wrote:
> Hi Christopher (and Konstantin),
>
> took some time to reply as I wanted to test your suggestions:
>
> - "a parameterized server.xml that pulls the password [...]": If I
>   understood your hint correctly it boils down to passing secrets as JVM
>   args (using -D or env vars). I do not think that would satisfy my use
>   case as it implies passing secrets on the command line or environment.
>   Not acceptable for us.

Definitely don't use system properties: those will show up in a ps listing, and would take the problem from already-solved to totally-broken.

My actual suggestion was to use a tool like ant to do deployment-time replacement of a token *in the file* with another value (the password). Something like this:

    <Connector ...
               keystorePass="@keystorePassword@"
               ...
    />

During deployment, you take /path/to/staged/webapp/conf/tomcat-server.xml and copy-with-filtering into /path/to/actual/tomcat/conf/server.xml. The resulting file has:

    <Connector ...
               keystorePass="tiger"
               ...
    />

... or whatever you told Tomcat to do.

> - "external XML entities": I gave this a try as it looked really
>   promising; but I couldn't get it working.
>
> If I got it right your suggestion was I should load the keystore
> password from a file by declaring the file as an external entity in
> server.xml and then reference it in the keystorePass/keyPass *attribute*
> of the relevant Connector entity: (PLS know that my DTD/XML-fu doesn't
> seem to be up to the task so I might be missing something obvious) It
> looks like loading external entities as attribute values is forbidden
> by design [1] ([2] to know about the test I made).

Put the whole <Connector> in your external entity. Note that I've never bothered trying this, because it just seems like the most work you could do to get the same kind of protection.

> *If I'm not wrong* then the only way to do what I'm trying to do is a
> patch. If you agree then I'll open an RFE BUG.

Let me get you back to your original question.

Let me see if I've got this right:

Given #1: You have server.xml in revision control.
Given #2: You don't want to put a super-secret password into revision control.
Conclusion: You must store the super-secret password outside of server.xml.

I don't think that's the only conclusion you could have come to. Let me suggest some other possible conclusions, and you tell us if/why each of them is not acceptable.

Alt conclusion #1: Use a non-super-secret password. Who cares if "tiger" is in revision-control?

Alt conclusion #2: Don't put the password in the <Connector> at all. It will default to "changeit". Use "changeit" as the keystore's passphrase.

Alt conclusion #3: "Given #2" is not relevant because the super-secret password doesn't give a reader any access to anything. There is therefore no problem to solve.

What do you think?

-chris
Re: RFE: read keystorePass from file
Hi Christopher (and Konstantin),

took some time to reply as I wanted to test your suggestions:

- "a parameterized server.xml that pulls the password [...]": If I understood your hint correctly it boils down to passing secrets as JVM args (using -D or env vars). I do not think that would satisfy my use case as it implies passing secrets on the command line or environment. Not acceptable for us.

- "external XML entities": I gave this a try as it looked really promising; but I couldn't get it working.

If I got it right your suggestion was I should load the keystore password from a file by declaring the file as an external entity in server.xml and then reference it in the keystorePass/keyPass *attribute* of the relevant Connector entity: (PLS know that my DTD/XML-fu doesn't seem to be up to the task so I might be missing something obvious) It looks like loading external entities as attribute values is forbidden by design [1] ([2] to know about the test I made).

*If I'm not wrong* then the only way to do what I'm trying to do is a patch. If you agree then I'll open an RFE BUG.

Hope this makes sense,
regards,
luca

[1] Last point of section 4.4.4 "Forbidden" at http://www.w3.org/TR/REC-xml/#sec-external-ent

[2] My test on loading an external file as an attribute value:

After the first few tests I realised I needed a way to test the actual value tomcat parsed from the external entity, so instead of trying to set the keystorePass/keyPass attr value I switched to the server attribute of the Connector entity. You can see the value tomcat assigned to this attr with wget -S.

Test1 (External entities DO NOT WORK as attrs values):

    echo hello > /tmp/server

cat server.xml:
[...]

(note that the NOTATION stuff seems to be required otherwise the thing would try to parse the value as a *valid* xml)

catalina.out:

    SEVERE: Parse Fatal Error at line 65 column 29: The external entity reference "&xxx;" is not permitted in an attribute value.

Test2 (Entities WORK as attrs values):

cat server.xml:
[...]

wget -S http://wi0.devenv.dev:8282/:

    --2015-04-15 23:32:52--  http://wi0.devenv.dev:8282/
    Resolving wi0.devenv.dev (wi0.devenv.dev)... 192.168.122.222
    Connecting to wi0.devenv.dev (wi0.devenv.dev)|192.168.122.222|:8282... connected.
    HTTP request sent, awaiting response...
      HTTP/1.1 404 Not Found
      Content-Length: 0
      Date: Wed, 15 Apr 2015 21:32:52 GMT
      Server: bla bla bla
    2015-04-15 23:32:52 ERROR 404: Not Found.

----- Original Message -----
> From: "Christopher Schultz"
> To: "Tomcat Users List"
> Sent: Tuesday, April 14, 2015 7:13:53 PM
> Subject: Re: RFE: read keystorePass from file
Re: RFE: read keystorePass from file
2015-04-14 20:13 GMT+03:00 Christopher Schultz:
>
> Luca,
>
> On 4/14/15 1:07 PM, Luca Menegus wrote:
>> Hi, I'd like to suggest the addition of an option that would allow
>> reading the keystore password (the password protecting the private
>> key used by secure connectors) from file.
>>
>> My use case:
>>
>> I manage tomcat configuration including server.xml with a
>> Configuration System (Ansible). This allows me to template and
>> store tomcat configuration in a Source Control System (as I do for
>> other services). The problem is that I need a secure tomcat
>> connector and the only way to provide a password to protect private
>> keys seems to be to write it in server.xml. Which means that the
>> password ends up being committed to SCM (defeating the purpose of
>> protecting the keystore with a password). If tomcat could read the
>> password from a file then I could generate it randomly on the
>> target host and store it in a file only tomcat can read.
>>
>> I hope my suggestion could be considered and I'm ready to further
>> discuss my use case if further information is required.
>>
>> Regards, Luca
>>
>> PS: this has nothing to do with obfuscating the password (which
>> has already been discussed on this list)
>
> This seems reasonable, but you do have another option: a parameterized
> server.xml that pulls the password value in from another place.
> Examples include an ant-based build with filtering or external XML
> entities.

https://wiki.apache.org/tomcat/FAQ/Password

> If you'd still like this feature, please open a Bugzilla enhancement
> request.
> https://bz.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%209
>

http://tomcat.apache.org/bugreport.html#How_to_submit_patches_and_enhancement_requests

Best regards,
Konstantin Kolinko
Re: RFE: read keystorePass from file
Luca,

On 4/14/15 1:07 PM, Luca Menegus wrote:
> Hi, I'd like to suggest the addition of an option that would allow
> reading the keystore password (the password protecting the private
> key used by secure connectors) from file.
>
> My use case:
>
> I manage tomcat configuration including server.xml with a
> Configuration System (Ansible). This allows me to template and
> store tomcat configuration in a Source Control System (as I do for
> other services). The problem is that I need a secure tomcat
> connector and the only way to provide a password to protect private
> keys seems to be to write it in server.xml. Which means that the
> password ends up being committed to SCM (defeating the purpose of
> protecting the keystore with a password). If tomcat could read the
> password from a file then I could generate it randomly on the
> target host and store it in a file only tomcat can read.
>
> I hope my suggestion could be considered and I'm ready to further
> discuss my use case if further information is required.
>
> Regards, Luca
>
> PS: this has nothing to do with obfuscating the password (which
> has already been discussed on this list)

This seems reasonable, but you do have another option: a parameterized server.xml that pulls the password value in from another place. Examples include an ant-based build with filtering or external XML entities.

If you'd still like this feature, please open a Bugzilla enhancement request.
https://bz.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%209

-chris
RFE: read keystorePass from file
Hi,

I'd like to suggest the addition of an option that would allow reading the keystore password (the password protecting the private key used by secure connectors) from file.

My use case:

I manage tomcat configuration including server.xml with a Configuration System (Ansible). This allows me to template and store tomcat configuration in a Source Control System (as I do for other services). The problem is that I need a secure tomcat connector and the only way to provide a password to protect private keys seems to be to write it in server.xml. Which means that the password ends up being committed to SCM (defeating the purpose of protecting the keystore with a password). If tomcat could read the password from a file then I could generate it randomly on the target host and store it in a file only tomcat can read.

I hope my suggestion could be considered and I'm ready to further discuss my use case if further information is required.

Regards,
Luca

PS: this has nothing to do with obfuscating the password (which has already been discussed on this list)