2015-04-14 20:13 GMT+03:00 Christopher Schultz <ch...@christopherschultz.net>:
>
> Luca,
>
> On 4/14/15 1:07 PM, Luca Menegus wrote:
>> Hi, I'd like to suggest the addition of an option that would allow
>> reading the keystore password (the password protecting the private
>> key used by secure connectors) from file.
>>
>> My use case:
>>
>> I manage tomcat configuration including server.xml with a
>> Configuration System (Ansible). This allows me to template and
>> store tomcat configuration in a Source Control System (as I do for
>> other services). The problem is that I need a secure tomcat
>> connector and the only way to provide a password to protect private
>> keys seems to be to write it in server.xml. Which means that the
>> password ends up being committed to SCM (defeating the purpose of
>> protecting the keystore with a password). If tomcat could read the
>> password from a file then I could generate it randomly on the
>> target host and store it in a file only tomcat can read.
>>
>>
>> I hope my suggestion could be considered and I'm ready to further
>> discuss my use case if further information is required.
>>
>> Regards, Luca
>>
>> PS: this has nothing to do with obfuscating the password (which
>> has already been discussed on this list)
>
> This seems reasonable, but you do have another option: a parameterized
> server.xml that pulls the password value in from another place.
> Examples include an ant-based build with filtering or external XML
> entities.

https://wiki.apache.org/tomcat/FAQ/Password

> If you'd still like this feature, please open a Bugzilla enhancement
> request.

https://bz.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%209
http://tomcat.apache.org/bugreport.html#How_to_submit_patches_and_enhancement_requests

Best regards,
Konstantin Kolinko
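
The external XML entity option mentioned in the quoted reply, sketched as an added example that is not part of this thread or of the Tomcat documentation: the server.xml kept in source control contains no secret, and the connector definition is pulled in from a file that exists only on the target host. The entity name, file paths, port numbers and the placeholder password are assumptions made for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- server.xml as kept in source control: no secret appears in this file. -->
<!DOCTYPE Server [
  <!-- Assumed path. The file is created on the target host, owned by the
       tomcat user with mode 0600, and is never committed. -->
  <!ENTITY connector-ssl SYSTEM "file:///etc/tomcat/secret/connector-ssl.xml">
]>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!--
      Contents of connector-ssl.xml on the host (placeholder values):

      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                 scheme="https" secure="true"
                 keystoreFile="/etc/tomcat/secret/keystore.jks"
                 keystorePass="GENERATED-ON-HOST" />

      XML does not allow an attribute value to reference an external
      entity, so the whole <Connector> element is included rather than
      only the keystorePass value.
    -->
    &connector-ssl;
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
```

The password is still stored in clear text on the host; what changes is that it stays out of the repository and its readability is governed by the file permissions on the fragment.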