Are there any ways to use encryption for ldap_bindpassword in config.json? #1728
-
I feel like storing ldap_bindpassword in plain text in config.json is highly vulnerable from a security standpoint. Are you guys using it as plain text? Can I use any encryption method for it?
Replies: 2 comments 13 replies
-
That's pretty normal for any kind of application. Where should the encryption key be stored? Instead of storing it within config.json, I think it would be great to source all secrets from separate files; that's something I have started to implement within #1517 for the OIDC integration.
-
You could also store the LDAP password within an environment variable instead of the configuration file; this should be
Generally no one except the admins should access the server, and even if some users have access to the server they shouldn't have root access. If Semaphore is running under a certain account or under the root account and the permissions are set right, there is no problem.
Even if the credentials of the bind account have been leaked, this is usually not a problem because the user should be a dumb LDAP user created just for the purpose of binding to LDAP and not used for other applications. It should have permissions to list all users and groups from the LDAP server and nothing else.
What you should consider for better security is to use LDAP over SSL on port 636 and not plain LDAP. If you use plain LDAP …