Storing sensitive configuration values externally

Configuration files usually contain sensitive values such as:

  • passwords for database accounts or directory service accounts
  • shared secrets
  • passwords for key stores

Sensitive configuration values should not be shared between instances and stages. For example, the database password for the production instance should not be available in the configuration for the test instance.

Airlock IAM supports storing sensitive configuration values in protected keystore files outside the configuration XML.

Options to store values securely

To securely store a sensitive configuration value outside the configuration XML, there are several options:

  • Use the Config Editor
  • Use the CLI (command-line interface)
  • Use standard tools for the key store
  • Use standard mechanisms provided by the container technology (see IAM as Docker image)