Q: Secret-Key Reutilizable

security
sonarqube

(Jonathan Velasco) #1

Hello Eveyone,

I’m doing an image with sonarqube 7.1 for my development team, in that image I want it to be a series of configurations for defects and one of them is encryption
1- It is possible to grab the existing sonar-secret.txt file from another instance and place it in the container and thus the encryption work? of course giving only read permissions to that file as the documentation says
https://docs.sonarqube.org/display/SONARqube71/Settings+Encryption

3- I think the secret key is associated with the server id and the AES 128 encryption

2- However I would like to know if it is not possible that another alternative would remain without leaving the credentials exposed?

Best regards