Secret Management for LDAP Password

Hello Everyone,

Is it possible to obfuscate or use Keystore for passwords in sg_config.yml. Currently, the LDAP password is in clear text, and according to our compliance team this a problem.

We already limit access to the server and sg_config.yml file, also limit permissions of LDAP user. I need to somehow not use a clear-text password in config files.

All acceptable methods are;

-Hashing password
-using Keystore/truststore
-Obfusticate Password

I already check the documentation but can not find an answer.

Thank you for your help in advance.

Hi @emreb Welcome to the forum!

Did you have a look at the docs here

Are any of those options suitable? The interesting part is that the configs don’t need to be present on the node after upload at all. Would it be more straight forward to remove it entirely? It can later be retrieved from the security index if needed using script with admin cert.