AEM version 6.5 (SP 15)
We have some config values of type AttributeType.PASSWORD, values are encrypted before putting into config file.
Do we still have to decrypt them before using them in our Service? As per this documentation AEM will do it automatically, I wanted to confirm (without checking myself) - https://github.com/AdobeDocs/experience-manager-65.en/blob/main/help/sites-administering/encryption-...
It says
AEM now provides a Configuration Plugin to decrypt configuration properties. This AEM Plugin will automatically decrypt and retrieve the clear text properties.
This is the way to decrypt them (if we have to) -
@reference
CryptoSupport cryptosupport;
Public getDecryptedKey(int encryptedKey)
{
if(this.cryptoSupport.isProtected(key){
this.cryptoSupport.unprotect(key)
}}
Solved! Go to Solution.
Topics help categorize Community content and increase your ability to discover relevant content.
Views
Replies
Total Likes
@Kamal_Kishor For encrypted data, which is stored in OSGi configuration, we don’t need to call “unprotect” method explicitly. Thats what i remember using it that way.
@Kamal_Kishor For encrypted data, which is stored in OSGi configuration, we don’t need to call “unprotect” method explicitly. Thats what i remember using it that way.
thanks @Saravanan_Dharmaraj - this clarifies the decryption need for the config.
Additionally, what is the ideal way to have these configs consolidated to be used on different environments as encrypted value vary for each environment. Since for our use case, we have the same value (For eg, Pass123) for all envs, if we have this just in 'config' folder (as currently), this wouldn't work properly.
We would end up creating multiple configs for each run-mode to provide encrypted value per environment, which would be slightly difficult to maintain.
thank you.
Hi @Kamal_Kishor
There usual way to get encrypted value directly from the AEM and put it in env based osgi config.
Another way is to use external secret manager: https://www.linkedin.com/posts/theaemmaven_enhance-security-in-aem-with-azure-key-vault-activity-723...
@arunpatidar : Every environment gives a different encrypted value for same secret-key. I was hoping if there was a way to use a similar encryption mechanism somehow so that we can avoid creating a config for every environment.
thank you.
Hi @Kamal_Kishor
Yes, this is the case. thats why we need to have copy of the config in every env runmode.