Hi folks. What is the security value of encrypting settings (Encrypting sensitive settings | SonarQube Server Documentation) when the key is stored on the same host as the sonar.properties file that contains the encrypted settings? I’m not seeing the point. What am I missing?
If the database (in a production setup, ideally hosted on a separate server) is compromised, the secret key would not necessarily be exposed. This setup helps prevent secrets from being stored as plain text in the database.
Additionally, we recommend restricting permissions for ~/.sonar/sonar-secret.txt to only the account running the SonarQube Server. This account may differ from those with access to the configuration files (of course, if an attacker gets root access to the machine, it’s game over anyways).
Thanks for the reply.
"we recommend restricting permissions for ~/.sonar/sonar-secret.txt to only the account running the SonarQube Server"
So in our case, that key file would be owned by user sonar with permissions locked down. Are you saying the sonar.properties file (with a hypothetical encrypted JDBC password in it) can be owned by something other than user sonar?
@Colin Any thoughts on my reply question? I don’t see how the key file and sonar.properties file can have different owners.
@jblaine it is, I suppose, possible for conf/sonar.properties to have broader permissions than sonar-secret.txt (although not necessarily different owners). A user could have access to write to conf/sonar.properties, but not see sonar-secret.txt, while both are owned by sonar.