Should Apache Felix Jetty Based Http Service configuration be part of the codebase? | Community
Level 4
March 9, 2023

Should Apache Felix Jetty Based Http Service configuration be part of the codebase?

  • March 9, 2023
  • 3 replies
  • 2319 views

We have this configuration, Apache Felix Jetty Based Http Service, and we need to make a few updates to it.

We think keeping this XML configuration in the codebase will be risky from a security point of view, and a System Admin or DevOps should manually control the entries in this configuration.

I am wondering what the forum's recommendation and best practices are for maintaining some critical configurations in AEM?


3 replies

Adobe Employee
March 10, 2023

@vsharm As long as you encrypt all your secrets, it's OK to store them in the code base. As a general practice, all configurations are advised to be part of the code base (considering the future state, i.e. AEM Cloud Service). Avoid manual things as much as you can. Now, that being said, you have two options to hide your secrets:

1. Use AEM's crypto support - [0]

2. Define these as environment secret variables

Also, I recommend using JSON configuration files instead of XML. Follow this article to embed secret environment variables in your configuration file: [2].

{
    "connection.timeout": 1000,
    "api-key": "$[secret:server-api-key]",
    "url": "$[env:server-url]"
}

 

[0]- https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager-blogs/crypto-support-in-ae...

[1]- https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-cloud-manager/environment-variables.html?lang=en#add-variables 

[2]- https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/deploying/configuring-osgi.html?lang=en 
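A pre-commit or CI check in the spirit of the answer above, as an added example that is not part of the original post or Adobe's tooling: it flags secret-looking keys in an OSGi .cfg.json file whose value is neither a $[secret:...] placeholder nor an encrypted value. The key-name pattern, the brace-wrapped hex form assumed for AEM crypto output, and the sample configs are assumptions made for this example.

```python
import json
import re

# Key names treated as secret-bearing (assumption; tune this list per project).
SECRET_KEY = re.compile(r"pass(word)?|secret|token|api[-_.]?key|credential", re.I)
# Placeholder forms shown in the answer: $[secret:NAME] and $[env:NAME].
PLACEHOLDER = re.compile(r"^\$\[(secret|env):[^\]]+\]$")
# Assumption: values protected with AEM crypto support are brace-wrapped hex.
ENCRYPTED = re.compile(r"^\{[0-9a-fA-F]+\}$")

def audit_osgi_config(text, name="<config>"):
    """Return (file, key, problem) findings for one .cfg.json document."""
    findings = []
    for key, value in json.loads(text).items():
        if not SECRET_KEY.search(key):
            continue  # only secret-looking keys are checked
        for v in value if isinstance(value, list) else [value]:
            if not isinstance(v, str):
                continue
            m = PLACEHOLDER.match(v)
            if (m and m.group(1) == "secret") or ENCRYPTED.match(v):
                continue  # resolved at runtime or encrypted at rest
            if m:
                findings.append((name, key, "uses $[env:], expected $[secret:]"))
            else:
                findings.append((name, key, "literal value committed to repo"))
    return findings

# The config from the answer above: passes the check.
GOOD = """{
  "connection.timeout": 1000,
  "api-key": "$[secret:server-api-key]",
  "url": "$[env:server-url]"
}"""

# Constructed sample with two problems and one encrypted value.
BAD = """{
  "org.apache.felix.http.jetty.responseBufferSize": 24576,
  "api-key": "constructed-literal-key",
  "org.apache.felix.https.keystore.password": "$[env:keystore-pass]",
  "service.token": "{1a2b3c4d}"
}"""

if __name__ == "__main__":
    for finding in audit_osgi_config(GOOD, "good.cfg.json") + audit_osgi_config(BAD, "bad.cfg.json"):
        print(": ".join(finding))
```
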

vsharmAuthor
Level 4
March 10, 2023

Thank you @vivekanand-mish for the input. We have decided to keep the config in the codebase as we might be moving to cloud soon. As of now we are going to update only one property, org.apache.felix.http.jetty.responseBufferSize, for which we don't need encryption.

Himanshu_Jain
Community Advisor
March 10, 2023