Credentials Encryption

encrypt

Use the util encrypt command to encrypt credentials (account username / password or API token) in the configuration file conf/xygeni.yml.

When given a Xygeni configuration file, existing values for fields with sensitive data (username and password for both the API and the proxy, apikey) are encrypted and stored in a {masked:} block.

This encryption is sufficient against casual viewers 'looking over your shoulder', but it is not tamper-proof against a determined bad actor. If you know that the configuration file was leaked, please renew the credentials.
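
As an added example (not part of the Xygeni documentation or tooling), the following Python check flags sensitive fields still left in plaintext, for use as a pre-commit or CI guard after running the command. It assumes the field names listed above appear as YAML keys and that an encrypted value begins with the {masked: marker; the sample file is constructed.

```python
import re
import sys

# Field names the page lists as sensitive (API/proxy username and password, apikey).
SENSITIVE_KEYS = {"username", "password", "apikey"}
# Assumption: an encrypted value starts with the "{masked:" marker named on the page.
MASKED_PREFIX = "{masked:"
# "key: value" on one line; comment lines never match because '#' cannot start a key.
KEY_VALUE = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][\w-]*)\s*:\s*(.*)$")

def scalar(raw):
    """Return the bare value: unwrap quotes, drop a trailing YAML comment."""
    raw = raw.strip()
    if raw.startswith("#"):
        return ""
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end > 0 else raw[1:]
    return re.split(r"\s+#", raw, maxsplit=1)[0].strip()

def find_plaintext(text):
    """List (line number, key) for sensitive fields holding an unmasked value."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = KEY_VALUE.match(line)
        if not match or match.group(1).lower() not in SENSITIVE_KEYS:
            continue
        value = scalar(match.group(2))
        if value and not value.startswith(MASKED_PREFIX):
            findings.append((number, match.group(1)))
    return findings

# Constructed sample; the layout and values are illustrative, not a real xygeni.yml.
SAMPLE = """\
api:
  url: https://api.example.invalid
  username: '{masked:CONSTRUCTED-VALUE}'
  password: hunter2          # plaintext, flagged
  apikey: "{masked:CONSTRUCTED-VALUE}"
proxy:
  host: proxy.example.invalid
  username: svc-proxy
  password:
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    hits = find_plaintext(text)
    for number, key in hits:
        print(f"line {number}: {key} is not masked")  # never print the value itself
    sys.exit(1 if hits else 0)
```

The script exits non-zero when any listed field holds an unmasked value, so it can gate a commit or pipeline step.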

The command documentation gives:

Usage: xygeni util encrypt [-hV] [-o=OUTFILE] [@<filename>...] [YAML-file]

Encrypt secrets in the configuration file.

      [@<filename>...]   One or more argument files containing options.
      [YAML-file]        Path to xygeni.yml with secrets to encrypt.
                         If not given, the scanner's one will be used.
                         Use '-' or 'stdin' for reading from standard input.
  -o, --output=OUTFILE   Optional output file.
                          Defaults to the input YAML-file (or standard output).
                          Use '-' or 'stdout' for standard output.

Examples:

  • Encrypt sensitive data in the default xygeni.yml configuration file:

  • Encrypt a given configuration file and save under a different name:

  • Encrypt some secret stored in a file:
