1. General
  2. Idées
0

Console command to encrypt a secret

CDuv il y a 4 heures 0

When using Ops tools such as Ansible to install/manage GLPI we can use the Console (`bin/console`) to perform some configuration using the "config:set" command.

But when, setting a secret such as the inventory credentials ("basic_auth_password" key in "inventory" context) we must provide it encrypted because the console will store it as-is in database and application expect it to be encrypted when it'll fetch it from there.

For example the following command:

bin/console \
    config:set \
    --context=inventory \
    basic_auth_password \
    secret_password

Will create/update the following row in `glpi_configs` table:

+-----+-----------+---------------------+-----------------+
| id  | context   | name                | value           |
+-----+-----------+---------------------+-----------------+
| 420 | inventory | basic_auth_password | secret_password |
+-----+-----------+---------------------+-----------------+

SQL query:

SELECT * FROM `glpi_configs` WHERE `context` = 'inventory' and `name` = 'basic_auth_password';

While setting this password via the GUI (path = "/Inventory/Configuration") creates/updates the following row in `glpi_configs` table:

+-----+-----------+---------------------+---------------------------------------------------------------------------+
| id  | context   | name                | value                                                                     |
+-----+-----------+---------------------+---------------------------------------------------------------------------+
| 420 | inventory | basic_auth_password | abcdefghijklmnopqrstuvwxyz0123456789+abcdefghijklmnopqrstuvwxyz0123456789 |
+-----+-----------+---------------------+---------------------------------------------------------------------------+

Having a new command to call GLPIKey::encrypt() directly such as, for example:

bin/console security:encrypt secret_password
# Returns:
# abcdefghijklmnopqrstuvwxyz0123456789+abcdefghijklmnopqrstuvwxyz0123456789


We could use it like this:

bin/console \
    config:set \
    --context=inventory \
    basic_auth_password \
    "$(bin/console security:encrypt secret_password)"

Service d'assistance aux clients par UserEcho