Story #2859
Production environment passwords and configuration need to be secured
100%
Description
We currently have a number of services configured to use fairly insecure passwords, and some are checked into SVN for the development environments. These include:
Metacat - admin DN, admin password
OpenLDAP - admin DN and password
Java keystore - passphrase
PostgreSQL - admin user and password
Hazelcast Storage cluster - group name and password
Hazelcast Process cluster - group name and password
Hazelcast Portal cluster - group name and password
likely others ...
We need a secure location for these settings, and values need to be manually overridden in the production environment deployments.
Subtasks
History
#1 Updated by Dave Vieglais over 12 years ago
- Milestone changed from CCI-1.0.0 to CCI-1.0.2
- Target version changed from Sprint-2012.21-Block.3.3 to Sprint-2012.25-Block.4.1
#2 Updated by Chris Jones over 12 years ago
- Status changed from New to In Progress
- Milestone changed from CCI-1.0.2 to CCI-1.0.3
Most components have been changed except for Hazelcast and the node approval tool. Moving this to CCI 1.0.3 for these changes since we have manual workarounds for both of these issues.
#3 Updated by Dave Vieglais about 12 years ago
- Target version changed from Sprint-2012.25-Block.4.1 to Sprint-2012.29-Block.4.3
#4 Updated by Dave Vieglais about 12 years ago
- Milestone changed from CCI-1.0.3 to CCI-1.0.4
#5 Updated by Robert Waltz about 12 years ago
- Target version changed from Sprint-2012.29-Block.4.3 to Sprint-2012.33-Block.5.1
- Position set to 1
#6 Updated by Dave Vieglais about 12 years ago
- Position set to 1
- Position deleted (
4) - Target version changed from Sprint-2012.33-Block.5.1 to Sprint-2012.35-Block.5.2
#7 Updated by Chris Jones about 12 years ago
- Status changed from In Progress to Closed
We've secured all communication except for hazelcast, which requires a solid VPN set up. See https://redmine.dataone.org/issues/3110 . I'm closing this task since the VPN task is separate now.