After inspecting the LDAP Integration page, my team and I were a bit surprised that this flat file seems the only way to insert or configure credentials. Leaving this in plain text is definitely not ideal and we were hoping some sort of api, encryption, and salting might be used. The only (bad) solutions we see are:
(1) to start up Sonar then delete the properties file
(2) lock down file permissions for the properties.
(3) Raw SQL inserts and encrypting the data in the table? (We’re using an external database)
Is there another solution available?
- We’re using latest SonarQube-CE from Docker Hub and external Postgre db.
- We’re also using Ansible w/ Vault for orchestration but I don’t see a way to maintain vault encryption if that properties file is left unencrypted on the filesystem of the docker container.