Plain text password in configuration.xml desmond fox  2019-10-04 07:58
Status: Closed

Hello Support,

Our company does not allow us to store plain text passwords in files. Credentials must be always encrypted and then decrypted on the fly.
Does LabKey support encrypted credentials ?


adam responded:  2019-10-05 14:27

How does your company handle other Tomcat applications that connect to resources? If credentials are decrypted on the fly, then how do web applications get that decryption key? The application will need a plain text password/key to decrypt; where is that plain text password stored?

Best practice from the Tomcat team is to properly secure your configuration files. See