Expand my Community achievements bar.

Guidelines for the Responsible Use of Generative AI in the Experience Cloud Community.

Should Apache Felix Jetty Based Http Service configuration be part of the codebase?

Avatar

Level 4

We have this configuration - Apache Felix Jetty Based Http Service and we need to make few updates to it.

Screen Shot 2023-03-09 at 4.48.30 PM.png
We think keeping this xml configuration in the codebase will be risky in terms of security point of view and  System Admin or DevOps should manually control the entries in this configuration.

 

I am wondering what is the forum's recommendation and best practices about maintaining with some critical configurations in AEM?

4 Replies

Avatar

Employee Advisor

@vsharm As long as you encrypt all your secrets, it's ok to store them in code base. As a general practise, all configurations are advised to be part of code base (Considering future state i.e AEM Cloud service). Avoid manual things as much as you can. Now that being said, you have two options to hide your secrets-

1. Use AEM's crypto support - [0]

2. Define these as a environment secret variables

 

Also, I recommend to use json configurations files instead of XML. Follow this article to embed secret environment variables in your configuration file- [2].

{
"connection.timeout": 1000,
"api-key": "$[secret:server-api-key]",
"url": "$[env:server-url]"
}

 

[0]- https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager-blogs/crypto-support-in-ae...

[1]- https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-... 

[2]- https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/deploy... 

Avatar

Level 4

Thank you @vivekanand-mishra for the input. We have decided to keep the config in the codebase as we might be moving to cloud soon.As of now we are going to update only one property org.apache.felix.http.jetty.responseBufferSize for which we dont need encryption.