Must-share information (formatted with Markdown):
Which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension): SonarQube 9.2.4 (Developer)
Trying to use LDAP on production
Hi, we are trying to add the LDAP configuration on the Production server and cannot add a simple text password to the config file for security reasons.
Is there any way to secure these credentials?
Also, would it be efficient to allow all users in Active Directory to review the security hotspots?
Thanks
Sunil Bindra
ganncamp (G Ann Campbell), January 12, 2022, 6:08pm (post 2)
Hi Sunil,
I think you’re looking for Settings Encryption.
Regarding Security Hotspot review, we really do try to keep it to one question per thread. Things get messy otherwise. So please do open another thread for that question.
Ann
Thanks, Ann.
Can we store multiple values in the secret file, or is one value enough?
This is the setting we already have:
sonar.secretKeyPath=$SONARQUBE-HOME/sonarqube-9.2.4.50792/conf/sonar-secret.txt
What setting do I need to set for the LDAP password?
ganncamp (G Ann Campbell), January 13, 2022, 1:22pm (post 4)
Hi,
What goes in the file is the single, shared secret key. Your values are then encrypted (and decrypted when appropriate) based on that secret key.
So, you:
1. generate your secret
2. put it in the file
3. restrict file perms to the account running SQ
4. restart SQ
5. go to the interface and enter your LDAP password
6. copy the encrypted version of that password returned by the interface
7. paste the encrypted version of the password into your config file
8. restart SQ
9. log in with LDAP
HTH,
Ann
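Added example, not part of the thread and not SonarQube's own tooling: a shell check that the steps in the last reply had the intended result, namely that the secret key file is closed to group and other and that the LDAP password in the config file is the encrypted form. It assumes the bind password is the `ldap.bindPassword` property, that encrypted values start with `{aes-gcm}` or `{aes}`, and that the key file defaults to `~/.sonar/sonar-secret.txt` when `sonar.secretKeyPath` is unset; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Assumptions: the LDAP bind password
# is the ldap.bindPassword property, encrypted values start with {aes-gcm} or
# {aes}, and the key file defaults to ~/.sonar/sonar-secret.txt when unset.
# Usage: . ./audit.sh && audit_sonar_conf /path/to/conf/sonar.properties

# prop FILE KEY: print the value of the last uncommented KEY=VALUE line.
prop() {
    k=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    sed -n "s/^[[:space:]]*${k}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_sonar_conf FILE: return 0 if clean, 1 on a finding, 2 if unreadable.
audit_sonar_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 2; }

    key_path=$(prop "$conf" sonar.secretKeyPath)
    [ -n "$key_path" ] || key_path="$HOME/.sonar/sonar-secret.txt"

    if [ ! -f "$key_path" ]; then
        echo "FAIL: secret key file not found: $key_path"; rc=1
    else
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$key_path" | cut -c5-10)
        if [ "$bits" = "------" ]; then
            echo "OK: $key_path is not accessible to group or other"
        else
            echo "FAIL: $key_path grants group/other access ($bits)"; rc=1
        fi
    fi

    # Classify the stored value by prefix only; never print it.
    case $(prop "$conf" ldap.bindPassword) in
        '')                    echo "INFO: ldap.bindPassword is not set" ;;
        '{aes-gcm}'*|'{aes}'*) echo "OK: ldap.bindPassword is stored encrypted" ;;
        *)                     echo "FAIL: ldap.bindPassword looks like plaintext"; rc=1 ;;
    esac
    return $rc
}
```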