Is it still required to decrypt the osgi configuration properties? | Community
Skip to main content
Kamal_Kishor
Community Advisor
Kamal_KishorCommunity Advisor
Community Advisor
September 4, 2024
Solved

Is it still required to decrypt the osgi configuration properties?

  • September 4, 2024
  • 1 reply
  • 1189 views

AEM version 6.5 (SP 15)

We have some config values of type AttributeType.PASSWORD, values are encrypted before putting into config file.

Do we still have to decrypt them before using them in our Service? As per this documentation AEM will do it automatically, I wanted to confirm (without checking myself) - https://github.com/AdobeDocs/experience-manager-65.en/blob/main/help/sites-administering/encryption-support-for-configuration-properties.md#decryption-support-decryption-support

It says

AEM now provides a Configuration Plugin to decrypt configuration properties. This AEM Plugin will automatically decrypt and retrieve the clear text properties.

This is the way to decrypt them (if we have to) -

@3214626 CryptoSupport cryptosupport; Public getDecryptedKey(int encryptedKey) { if(this.cryptoSupport.isProtected(key){ this.cryptoSupport.unprotect(key) }}

 

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Saravanan_Dharmaraj

@kamal_kishor For encrypted data, which is stored in OSGi configuration, we don’t need to call “unprotect” method explicitly. Thats what i remember using it that way.

 

https://hashouttech.com/blog/How-to-encrypt-Plain-text-and-decrypt-Protected-text-in-Adobe-Experience-Manager 

1 reply

Saravanan_Dharmaraj
Community Advisor
Saravanan_DharmarajCommunity AdvisorAccepted solution
Community Advisor
September 4, 2024

@kamal_kishor For encrypted data, which is stored in OSGi configuration, we don’t need to call “unprotect” method explicitly. Thats what i remember using it that way.

 

https://hashouttech.com/blog/How-to-encrypt-Plain-text-and-decrypt-Protected-text-in-Adobe-Experience-Manager 

    Kamal_Kishor
    Community Advisor
    Kamal_KishorCommunity AdvisorAuthor
    Community Advisor
    September 4, 2024

    thanks @saravanan_dharmaraj - this clarifies the decryption need for the config.

    Additionally, what is the ideal way to have these configs consolidated to be used on different environments as encrypted value vary for each environment. Since for our use case, we have the same value (For eg, Pass123) for all envs, if we have this just in 'config' folder (as currently), this wouldn't work properly.
    We would end up creating multiple configs for each run-mode to provide encrypted value per environment, which would be slightly difficult to maintain.

     

    thank you.

      arunpatidar
      Community Advisor
      arunpatidarCommunity Advisor
      Community Advisor
      September 4, 2024

      Hi @kamal_kishor 
      There usual way to get encrypted value directly from the AEM and put it in env based osgi config.

       

      Another way is to use external secret manager: https://www.linkedin.com/posts/theaemmaven_enhance-security-in-aem-with-azure-key-vault-activity-7233955360233938944-Eq7O/?utm_source=share&utm_medium=member_desktop 

      Arun Patidar
        Terms & ConditionsAccessibility statement

        Loading footer...