Maintenance Notice: labkey.org will be offline at 8:30 PM Pacific Time on Tuesday, February 27th 2024 for upgrade maintenance. The estimated downtime should be no more than 30 minutes. Please save your work before this time. We apologize for any inconvenience.

Plain text password in configuration.xml

LabKey Trial Support
Plain text password in configuration.xml desmond fox  2019-10-04 07:58
Status: Closed

Hello Support,

Our company does not allow us to store plain text passwords in files. Credentials must be always encrypted and then decrypted on the fly.
Does LabKey support encrypted credentials ?


adam responded:  2019-10-05 14:27

How does your company handle other Tomcat applications that connect to resources? If credentials are decrypted on the fly, then how do web applications get that decryption key? The application will need a plain text password/key to decrypt; where is that plain text password stored?

Best practice from the Tomcat team is to properly secure your configuration files. See https://cwiki.apache.org/confluence/display/TOMCAT/Password