[Kea-users] JSON hiding user and password to dB...
Kevin P. Fleming
kevin at km6g.us
Wed Apr 20 15:52:12 UTC 2022
On Wed, Apr 20, 2022 at 11:43 AM John Gammon <john.gammon at forkeddeer.com>
wrote:
> Good morning, all.
>
> I am curious if there is a method to hide the uid and pwd of the user
> accessing the database as noted within the kea-dhcp4.conf file? I am
> concerning that this remain protected on our network.
>
>
>
In general, no, secrets in configuration files cannot be protected...
because encrypting them would just require that the decryption key be
available to the daemon when it starts up, and thus anyone looking to
harvest the secrets could also decrypt them.
Unless you are willing to provide the decryption key at startup via some
other (non-locally-stored) means, you'd just be adding a layer of
obfuscation, not really securing the secrets.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20220420/888e1b96/attachment.htm>
More information about the Kea-users
mailing list