Code Block
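    headers = {
        'Accept': 'application/json',
        'Content-Type': 'application/json',
        'Authorization': Bot.Bot().GetPasswordConfig("jira_authorization_secret")
    }
    # `email` is assumed to be defined by the surrounding code; passing it via
    # `params` substitutes it into the query string and URL-encodes it.
    url = Bot.Bot().GetConfig("one_app_api") + "search"
    response = requests.get(url, headers=headers, params={"username": email})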

Pro : Very simple

Con : Password potentially saved in git, and once you know the key, you can decrypt it

Environment Security

We can store a password in an environment variable and reference it as shown below:

Code Block
elastic_password = VARIABLE::varname

Better than the basic strategy: the password is never visible in the backoffice, is never saved in git, and can only be read or edited by someone with access to the VM.

Azure Vault Security

This strategy uses an Azure vault. We have a documentation page here: /wiki/spaces/DO/pages/3341090877

In our environment code, we will store the credentials using this new method, so that the secrets are kept in a secured Azure vault that is accessible only by the bot and a few chosen consultants.

Code Block
elastic_password = AZUREKEYVAULT::varname
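
The sketch below shows one way a `VARIABLE::varname` or `AZUREKEYVAULT::varname` reference could be resolved at runtime. It is an added example, not the bot's own code: `resolve_secret`, `azure_vault_fetcher`, `SecretResolutionError` and the sample names are hypothetical, and the vault lookup assumes the `azure-identity` and `azure-keyvault-secrets` packages.

```python
import os
from typing import Callable, Mapping, Optional

ENV_PREFIX = "VARIABLE::"
VAULT_PREFIX = "AZUREKEYVAULT::"


class SecretResolutionError(Exception):
    """Raised when a reference cannot be resolved; never carries a secret value."""


def azure_vault_fetcher(vault_url: str) -> Callable[[str], Optional[str]]:
    """Return a lookup backed by Azure Key Vault (vault_url is deployment-specific)."""
    from azure.identity import DefaultAzureCredential  # lazy: only needed for vault use
    from azure.keyvault.secrets import SecretClient

    client = SecretClient(vault_url=vault_url, credential=DefaultAzureCredential())
    return lambda name: client.get_secret(name).value


def resolve_secret(raw: str,
                   env: Optional[Mapping[str, str]] = None,
                   vault_fetch: Optional[Callable[[str], Optional[str]]] = None) -> str:
    """Turn a config value into the secret it refers to, failing closed."""
    env = os.environ if env is None else env
    if raw.startswith(ENV_PREFIX):
        source, name = "environment variable", raw[len(ENV_PREFIX):]
        lookup = env.get
    elif raw.startswith(VAULT_PREFIX):
        source, name = "key vault secret", raw[len(VAULT_PREFIX):]
        if vault_fetch is None:
            raise SecretResolutionError("vault reference found but no vault configured")
        lookup = vault_fetch
    else:
        return raw  # no prefix: the value is stored directly in the config
    value = lookup(name) if name else None
    if not value:
        # Report the reference name only; never echo a value or use a default.
        raise SecretResolutionError(f"{source} {name!r} is missing or empty")
    return value


if __name__ == "__main__":
    sample_env = {"ELASTIC_PASSWORD": "constructed-env-value"}      # constructed
    sample_vault = {"elastic-password": "constructed-vault-value"}  # constructed
    print(len(resolve_secret("VARIABLE::ELASTIC_PASSWORD", env=sample_env)))
    print(len(resolve_secret("AZUREKEYVAULT::elastic-password",
                             vault_fetch=sample_vault.get)))
```

A missing or empty secret raises an error that names the reference but not a value, so a misconfigured bot stops instead of running with a blank password.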