Credentials Encryption
encrypt
Use the util encrypt
command to encrypt credentials (account username / password or API token) in the configuration file conf/xygeni.yml
.
When given a Xygeni configuration file, existing values for fields with sensitive data (username
and password
for both the API or proxy, apikey
) are encrypted and stored in a {masked:}
block.
The command documentation gives:
Usage: xygeni util encrypt [-hV] [-o=OUTFILE] [@<filename>...] [YAML-file]
Encrypt secrets in the configuration file.
[@<filename>...] One or more argument files containing options.
[YAML-file] Path to xygeni.yml with secrets to encrypt.
If not given, the scanner's one will be used.
Use '-' or 'stdin' for reading from standard input.
-o, --output=OUTFILE Optional output file.
Defaults to the input YAML-file (or standard output).
Use '-' or 'stdout' for standard output.
Examples:
Encrypt sensitive data in the default
xygeni.yml
configuration file:xygeni util encrypt
Encrypt a given configuration file and save under a different name:
xygeni util encrypt --output=xygeni_prod.yml xygeni_base.yml
Encrypt some secret stored in a file:
# - at the end tells the command to read input from the standard input. cat my_secret.txt | xygeni util encrypt - {masked:TbI2wRZ1R6BCYrxQyKWkJJiLBWr0/+zqAZ8UXzQ4UTk=}
Last updated