Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
BedrockMission!

Learn More

View all

Sign in to view all badges

Store and deploy secure OSGI configuration for OOTB AEM services

Avatar

Avatar
Validate 1
Level 1
nemo7
Level 1

Likes

0 likes

Total Posts

14 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile

Avatar
Validate 1
Level 1
nemo7
Level 1

Likes

0 likes

Total Posts

14 posts

Correct Reply

0 solutions
Top badges earned
Validate 1
View profile
nemo7
Level 1

08-05-2017

Does AEM provide a way to store and deploy secure OSGI configuration(passwords)  for OOTB services?

I know about approach with com.adobe.granite.crypto.CryptoSupport (http://www.wemblog.com/2012/03/how-to-use-crypto-support-in-cq55.html), but unfortunately it doesn't work for OOTB services(e.g Day CQ Mail Service).

Currently, we just change configuration manually on production servers, but we would like to deploy it and store in the repository, and at the same time we don't want to store passwords in an open way.

Is there any way to do it or probably some best practices?

Thanks in advance!

View Entire Topic

Avatar

Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile

Avatar
Validate 1
Level 2
25793466
Level 2

Likes

3 likes

Total Posts

22 posts

Correct Reply

2 solutions
Top badges earned
Validate 1
Boost 3
Boost 1
Affirm 1
View profile
25793466
Level 2

01-08-2018

It appears this indeed is available starting in 6.3.  From the 6.3 release notes: "Support for all OSGI configuration properties to be stored in a protected encrypted form instead of clear text."  How do you enable this or is it done automatically?

What I am really looking for is the LDAP Identity Provider bind password to be masked when I view through the CRX.  In 6.3, I am still seeing it in clear text.  Perhaps that's not what this feature is intended to do.