How to store LDAP credentials as a secure string in the sonar.properties file

Must-share information (formatted with Markdown):

  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension) : SonarQube 9.2.4 (Developer)
  • Trying to use LDAP on production

Hi, we are trying to add LDAP configuration on the Production server and cannot add a simple text password to the config file due to security reasons.

Is there any way to secure these credentials?

Also, would it be efficient to allow all users in Active Directory to review the security hotspots?

Thanks
Sunil Bindra

Hi Sunil,

I think you’re looking for Settings Encryption.

Regarding Security Hotspot review, we really do try to keep it to one question per thread. Things get messy otherwise. So please do open another thread for that question.

 
Ann

Thanks Ann
Can we store multiple values in the secret file, or is one value enough?

This is the setting we already have:

sonar.secretKeyPath=$SONARQUBE-HOME/sonarqube-9.2.4.50792/conf/sonar-secret.txt

What setting do I need to set for the LDAP password?

Hi,

What goes in the file is the single, shared secret key. Your values are then encrypted (and decrypted when appropriate) based on that secret key.

So, you

  • generate your secret
  • put it in the file
  • restrict file perms to the account running SQ
  • restart SQ
  • go to the interface and enter your LDAP password
  • copy the encrypted version of that password returned by the interface
  • paste the encrypted version of the password into your config file
  • restart SQ
  • log in with LDAP

 
HTH,
Ann

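An added example, not part of the thread and not SonarQube's own tooling: a shell check to run after the steps Ann lists, confirming that the secret key file is closed to group and other users and that the LDAP password in the config file is the encrypted form rather than plain text. It assumes the bind password property is `ldap.bindPassword` and that encrypted values start with `{aes-gcm}` or `{aes}`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not SonarQube code. Assumes the bind password property is
# ldap.bindPassword and encrypted values start with {aes-gcm} or {aes}.

# key_file_private FILE: 0 if FILE exists with no group/other permission bits.
key_file_private() {
    [ -f "$1" ] || return 2
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# prop_value FILE KEY: print the last uncommented value of KEY (may be empty).
prop_value() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); gsub(/[ \t]/, "", name)
            if (name == k) { v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v) }
        }
        END { print v }' "$1"
}

# password_state FILE: print encrypted, plaintext or missing.
password_state() {
    v=$(prop_value "$1" ldap.bindPassword)
    case "$v" in
        "")                      echo missing ;;
        "{aes-gcm}"?*|"{aes}"?*) echo encrypted ;;
        *)                       echo plaintext ;;
    esac
}

# audit PROPS_FILE KEY_FILE: report each failed check, non-zero if any failed.
audit() {
    rc=0
    key_file_private "$2" || { echo "FAIL: $2 missing or open to group/other"; rc=1; }
    state=$(password_state "$1")
    [ "$state" = encrypted ] || { echo "FAIL: ldap.bindPassword is $state"; rc=1; }
    return "$rc"
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Run it as `sh check.sh <path to sonar.properties> <path to secret key file>`, using the path set in `sonar.secretKeyPath` for the second argument.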