[OpenSIPS-Users] Avoid plain text password in configuration files

Mickael Hubert Sat, 05 Jan 2019 11:03:20 -0800

Hi all,
I'm looking for a way to avoid all plain text password into configuration
files.
maybe store sensibles data into secret file and read variables into
opensips configuration file ?


Ex:
*secret file:*

MYSQL_USER: opensips
MYSQL_PWD: 4845123121
...


*Configuration file:*
from:

modparam("drouting", "db_url",
        "mysql://opensips:4845123121@1.1.1.1/opensips")

To:
modparam("drouting", "db_url",
        "mysql://$MYSQL_USER:$MYSQL_PWD@$MYSQL_HOST/opensips")


Or
use Ansible with jinja template ?

modparam("drouting", "db_url",
        "mysql://{{ MYSQL_USER }}:{{ MYSQL_PWD }}@{{ MYSQL_HOST }}/opensips")

The goal is push all configuration on our gitlab (without the "secret file")

Do you have another way ?

thanks in advance

PS: happy new year everyone !

_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users

[OpenSIPS-Users] Avoid plain text password in configuration files

Reply via email to