Console command to encrypt a secret
When using Ops tools such as Ansible to install/manage GLPI we can use the Console (`bin/console`) to perform some configuration using the "config:set" command.
But when, setting a secret such as the inventory credentials ("basic_auth_password" key in "inventory" context) we must provide it encrypted because the console will store it as-is in database and application expect it to be encrypted when it'll fetch it from there.
For example the following command:
bin/console \
config:set \
--context=inventory \
basic_auth_password \
secret_password
Will create/update the following row in `glpi_configs` table:
+-----+-----------+---------------------+-----------------+
| id | context | name | value |
+-----+-----------+---------------------+-----------------+
| 420 | inventory | basic_auth_password | secret_password |
+-----+-----------+---------------------+-----------------+
SQL query:
SELECT * FROM `glpi_configs` WHERE `context` = 'inventory' and `name` = 'basic_auth_password';
While setting this password via the GUI (path = "/Inventory/Configuration") creates/updates the following row in `glpi_configs` table:
+-----+-----------+---------------------+---------------------------------------------------------------------------+
| id | context | name | value |
+-----+-----------+---------------------+---------------------------------------------------------------------------+
| 420 | inventory | basic_auth_password | abcdefghijklmnopqrstuvwxyz0123456789+abcdefghijklmnopqrstuvwxyz0123456789 |
+-----+-----------+---------------------+---------------------------------------------------------------------------+
Having a new command to call GLPIKey::encrypt() directly such as, for example:
bin/console security:encrypt secret_password # Returns: # abcdefghijklmnopqrstuvwxyz0123456789+abcdefghijklmnopqrstuvwxyz0123456789
We could use it like this:
bin/console \
config:set \
--context=inventory \
basic_auth_password \
"$(bin/console security:encrypt secret_password)"Service d'assistance aux clients par UserEcho