Encryption

Passwords stored in the configuration file config.ini (for example, backend/config/config.ini) can be encrypted so that they are not kept in plain text.

Encryption applies to the following parameters:

  • database_password
  • proxy_password
  • smtp_password
  • ldap_password
  • oAuthClientSecret
  • database_password_archive

To encrypt passwords, follow these steps:

  1. Open Sherpa Orchestrator with /generate-key.php appended to its address and click Generate. A random IV and encryption key are generated, both encoded in Base64. Be sure to save them.
  2. Open Sherpa Orchestrator with /encryptor.php appended to its address. Enter the IV and key obtained in the previous step in the corresponding fields. In the Text to encrypt field, enter the password to be encrypted and click Generate. Save the resulting encrypted password.
  3. In the configuration file backend/config/config.ini, set the corresponding parameter to the encrypted password.
  4. In the configuration file, add the parameter use_encryption with the value 1. Save the changes.
  5. Create an environment variable ORCHESTRATOR_ENCRYPTION_KEY and set it to the encryption key obtained in step 1.
  6. Make sure that docker-compose.yml, in the environment section of the orchestrator container, contains the line: ORCHESTRATOR_ENCRYPTION_KEY=${ORCHESTRATOR_ENCRYPTION_KEY}.
  7. Restart the containers using run.sh.
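
A preflight check for steps 4 to 6 that can be run before restarting the containers, as an added example (not part of Sherpa Orchestrator or its documentation). The sample file contents, the key, and the function names read_ini and preflight are constructed for illustration; the check that the key is not hard-coded in either file is an added hygiene check, not a requirement stated above.

```python
import base64
import configparser

ENV_NAME = "ORCHESTRATOR_ENCRYPTION_KEY"
COMPOSE_LINE = "ORCHESTRATOR_ENCRYPTION_KEY=${ORCHESTRATOR_ENCRYPTION_KEY}"

# Constructed sample inputs (not real Sherpa Orchestrator files or secrets).
SAMPLE_KEY = base64.b64encode(b"constructed-demo-key-not-a-secret").decode()
SAMPLE_INI = """\
database_password = "<value produced by encryptor.php>"
smtp_password = "<value produced by encryptor.php>"
use_encryption = 1
"""
SAMPLE_COMPOSE = """\
services:
  orchestrator:
    environment:
      - ORCHESTRATOR_ENCRYPTION_KEY=${ORCHESTRATOR_ENCRYPTION_KEY}
"""


def read_ini(text):
    """Flatten config.ini into a dict, with or without [section] headers."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case, e.g. oAuthClientSecret
    parser.read_string("[__top__]\n" + text)
    return {k: v.strip().strip("\"'") for s in parser.sections()
            for k, v in parser.items(s)}


def preflight(ini_text, compose_text, env):
    """Return the problems found in steps 4-6; an empty list means none."""
    problems = []
    if read_ini(ini_text).get("use_encryption") != "1":
        problems.append("config.ini: use_encryption is not set to 1")
    key = env.get(ENV_NAME, "")
    try:
        if not base64.b64decode(key, validate=True):
            raise ValueError("empty key")
    except ValueError:  # binascii.Error is a ValueError subclass
        problems.append(f"environment: {ENV_NAME} is missing or not Base64")
        key = ""
    active = [l for l in compose_text.splitlines()
              if not l.lstrip().startswith("#")]
    if not any(COMPOSE_LINE in l for l in active):
        problems.append("docker-compose.yml: key is not passed to the container")
    # Added hygiene check: the key should exist only in the environment.
    if key and (key in ini_text or key in compose_text):
        problems.append("key is hard-coded in a file on disk")
    return problems


if __name__ == "__main__":
    print(preflight(SAMPLE_INI, SAMPLE_COMPOSE, {ENV_NAME: SAMPLE_KEY}) or "ok")
```

On a real host, pass the contents of backend/config/config.ini and docker-compose.yml together with os.environ.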