Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
Read More & Register today!
SOLVED

Store and deploy secure OSGI configuration for OOTB AEM services

Avatar

Level 2
Level 2
5/8/17 1:53:32 AM

Does AEM provide a way to store and deploy secure OSGI configuration(passwords)  for OOTB services?

I know about approach with com.adobe.granite.crypto.CryptoSupport (http://www.wemblog.com/2012/03/how-to-use-crypto-support-in-cq55.html), but unfortunately it doesn't work for OOTB services(e.g Day CQ Mail Service).

Currently, we just change configuration manually on production servers, but we would like to deploy it and store in the repository, and at the same time we don't want to store passwords in an open way.

Is there any way to do it or probably some best practices?

Thanks in advance!

Views

3.0K

Replies

5
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Level 9
Level 9
5/10/17 12:13:28 AM

Hi Nemo,

   Till AEM 6.2 it was not supported. During my discussion with adobe product management OR in 6.3 it is made as oob option.  You can check through official support channel & mean time I will check my notes tommorow and will let you know if i find any thing.

Thanks,

View solution in original post

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
5 Replies

Avatar

Level 10
Level 10
5/9/17 12:52:40 PM

If the values are in Adobe Felix - the idea is that the site is secure - to access it - you need a secure admin password. I am not aware of any other methods to secure the OSGi OOTB config services. 

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Level 9
Level 9
5/10/17 12:13:28 AM

Hi Nemo,

   Till AEM 6.2 it was not supported. During my discussion with adobe product management OR in 6.3 it is made as oob option.  You can check through official support channel & mean time I will check my notes tommorow and will let you know if i find any thing.

Thanks,

Views

1.4K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
5/16/17 1:18:37 AM

Hi Smacdonald,

Thanks for the reply. Yes, the OSGI console secure, but usually configuration deployed with the source code and we don't want to store it in an open way inside the GIT.

Best regards,

Andrii

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 2
Level 2
8/1/18 9:59:38 AM

It appears this indeed is available starting in 6.3.  From the 6.3 release notes: "Support for all OSGI configuration properties to be stored in a protected encrypted form instead of clear text."  How do you enable this or is it done automatically?

What I am really looking for is the LDAP Identity Provider bind password to be masked when I view through the CRX.  In 6.3, I am still seeing it in clear text.  Perhaps that's not what this feature is intended to do.

Views

1.7K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
10/24/18 8:55:51 PM

Hi Nemo,

How did you finally implement this for storing values in GIT? I understand values can be obscured in felix console.

Thanks

Shelly

Views

1.6K

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
AEM Clud migration: Strategy to reduce ACS AEM Commons dependency

Views

13

Likes

0

Replies

1
How to mask the image in AEM?

Views

22

Likes

0

Replies

1
Pipeline-free URL Redirects is not working in AEM Cloud Dispatcher

Views

75

Likes

0

Replies

3
Multifield plugin for the new CF Editor

Views

30

Likes

0

Replies

0
Using Environment Variables in OSGi configurations as part of String

Views

66

Likes

0

Replies

3