[Kea-users] JSON hiding user and password to dB...
John Gammon
john.gammon at forkeddeer.com
Wed Apr 20 15:58:19 UTC 2022
Thanks for the clarification, Kevin.
John Gammon
Network Engineer
Forked Deer Electric Cooperative, Inc./Forked Deer Connect, LLC.
email: john.gammon at forkeddeer.com
________________________________
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Kevin P. Fleming <kevin at km6g.us>
Sent: Wednesday, April 20, 2022 10:52
Cc: Kea-users at lists.isc.org <Kea-users at lists.isc.org>
Subject: Re: [Kea-users] JSON hiding user and password to dB...
On Wed, Apr 20, 2022 at 11:43 AM John Gammon <john.gammon at forkeddeer.com<mailto:john.gammon at forkeddeer.com>> wrote:
Good morning, all.
I am curious if there is a method to hide the uid and pwd of the user accessing the database as noted within the kea-dhcp4.conf file? I am concerning that this remain protected on our network.
In general, no, secrets in configuration files cannot be protected... because encrypting them would just require that the decryption key be available to the daemon when it starts up, and thus anyone looking to harvest the secrets could also decrypt them.
Unless you are willing to provide the decryption key at startup via some other (non-locally-stored) means, you'd just be adding a layer of obfuscation, not really securing the secrets.
John Gammon
Network Engineer
Office 731-903-4282
john.gammon at forkeddeer.com<mailto:%20john.gammon at forkeddeer.com>
[fdec logo]
1135 North Church Street
PO Box 67
Halls, TN 38040
www.forkeddeer.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20220420/2dadfd42/attachment-0001.htm>
More information about the Kea-users
mailing list