| Summary: | Unable to read encrypted values from properties file | ||
|---|---|---|---|
| Product: | Ant | Reporter: | Peeyush <peeyush_bansal> |
| Component: | Core tasks | Assignee: | Ant Notifications List <notifications> |
| Status: | NEW --- | ||
| Severity: | blocker | ||
| Priority: | P2 | ||
| Version: | 1.6.0 | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | other | ||
|
Description
Peeyush
2015-05-27 10:50:27 UTC
import.properties contains below entries: (values are encoded in base64) username=d2VibG9naWM= password=d2VsY29tZTE= the encoding attribute is for the whole file, not property values. Load the property file "normally", get the values for username and password, and if you need those decoded from base64, you'll have to do it "manually" or coax Ant into doing it (I suspect it's possible, but convoluted and not straightforward.). This is not a bug IMHO. --DD Thanks Dominique for the guidance. But is there any link or blog or document that I can follow to achieve this functionality. Any help would be appreciated. In addition to what Dominique said - the encoding attribute expects a charset name supported by the Java classlib, "base64" is not such an encoding name. Unrelated: do yourself a favor and don't call base64-encoding a string an "encryption". This is obfuscation at best, since everybody can "decrypt" it easily. You should be using real crypto if you want to store your passwords safely. ok. so can anyone help me in doing that. I don't want to specify the credentials separately, they should remain in the properties file hidden by some encryption method and when loaded ant can decrypt the values. To be honest I can't think of a combination of Ant tasks that would base64-decode only the value side of a property file. I see two approaches: * a custom PropertyEvaluator that decoded values on the fly * a custom FilterReader http://ant.apache.org/manual/Types/filterchain.html or string filter for a TokenFilter http://ant.apache.org/manual/Types/filterchain.html#tokenfilter that splits the line, base64-decodes the value part and reassembles the line. The second one is probably easier to implement and integrate. Either case it will require you to write your own code in Java, compile it, and make it available to the build process. See also http://stackoverflow.com/questions/10132221/how-do-i-use-base64-encoding-with-loadproperties-in-ant and the link in the one answer, which uses Groovy to script to decrypting within Ant (could probably use another scripting language and leverage the JDK APIs. With a recent enough JDK, the scripting might even be built-in to the JDK). Team Can someone give me a sample ant file with java code for encryption and decryption of credentials in properties file. The method to encrypt can be any. Also the blog mentioned in the comments does not work. If you store encrypted values in a properties file you cant mix encrypted+plain values in one file without additional to specify which values are encrypted.
<property file="">
<encrypted-values prefix="encrypted"/>
<encrypted-values match=".*\.md5$"/>
...
Having different encryption algorithm would encrease that amount of work.
Another approach is having a Decrypt/EncryptFilter, so you could load one value.
<loadfile property="password" srcFile="encrypted">
<filterchain>
<decrypt algorithm="base64"/>
|