Ask a Question

SoapUI project keystore password security?

SOLVED
KrisVH
Occasional Contributor

SoapUI project keystore password security?

Hi,

 

I have a project where I need to sign my requests using a keystore. For this I need to add a keystore to my project and also enter the password for it.

 

This means that when I save the project to source control, that password gets saved along with it.

 

I tried a few things to avoid this:

* global SSL keystore: can't seem to use this for signatures

* save the password in the global preferences (so it stays on my machine) and use a reference to read it: this works for a lot of other (password) fields, but not this one

* encrypting the entire project: this makes source control fairly useless

* encrypting just selected properties: doesn't work for this password field and I can't put it in a property either because the password field doesn't work with references

 

Any other ways I could do what I want? So either encrypt/hide the password in WSS Config - Keystores, or, in Outgoing WS-Security Configurations - [my configuration] - Signature, select a keystore that doesn't have to be set in my project?

 

Best regards,

 

Kris

1 ACCEPTED SOLUTION

Accepted Solutions
KrisVH
Occasional Contributor

Re: SoapUI project keystore password security?

Oops, just found a solution myself:

 

When I add a keystore for the project, it's not necessary to enter the password there. I can enter a password in the properties for the WSS signature, and there I can use a reference.

 

(I guess it could still be a good idea to allow references in the password field for the project keystores.)

 

Best regards,

 

Kris

View solution in original post

1 REPLY 1
KrisVH
Occasional Contributor

Re: SoapUI project keystore password security?

Oops, just found a solution myself:

 

When I add a keystore for the project, it's not necessary to enter the password there. I can enter a password in the properties for the WSS signature, and there I can use a reference.

 

(I guess it could still be a good idea to allow references in the password field for the project keystores.)

 

Best regards,

 

Kris

View solution in original post

cancel
Showing results for 
Search instead for 
Did you mean: