问题描述
我们正在研究如何将私钥,应用程序密码等保留在所有可能不安全的位置,例如JNDI,源代码,因此完全在GIT / SVN版本控制系统之外
。
这是我能想到的:
将服务器上的密钥存储为系统变量并在运行时获取它们
将密钥存储在私有数据库(如Redis / Raik)并在服务器上配置数据源,通过JNDI获取数据源以查询密钥
任何其他想法/建议/评论??
另一个目标是我们仍然可以自动更改此配置,并将其保持在Contionus集成/自动部署代码的范围内。配置
We are looking at ways to keep the private keys, application password etc. out of all possible insecure locations such as JNDI, Source Code and thus completely outside of GIT/SVN version control system
.
Here's what I can think of:
Storing the keys on the server as System variables and grab them at runtime
Storing the keys in a private database (such as Redis/Raik) and configure the datasource on the server, grab the datasource through JNDI to query for the keys
Any other ideas/suggestions/comments??
Another goal is that we are still able to automate the changes to this config and keep it under the purview of the Contionus Integration/Automated deployment of code & configuration
这篇关于将私有配置应用程序密码保留在源代码之外的策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!