Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

SQ Official Doc Link: https://docs.sonarqube.org/display/SONAR/Settings+Encryption

Table of Contents

Encryption is mostly used to remove clear passwords from settings (database or SCM credentials for instance). The implemented solution is based on a symetric key algorithm. The key point is that the secret key is stored in a secured file on disk. This file must owned by and readable only by the system account that runs the SonarQube server, the analysis with SonarQube Runner, SonarQube Ant Task, Maven or from the Continuous Integration server.

The algorithm is AES 128 bits. Note that 256 bits cipher is not used because it's not supported by default on all Java Virtual Machines (see this article).

1. Generate the secret key

A unique secret key must be shared between all parts of the SonarQube infrastructure (server and analyzers). To generate it, go to Administration > Configuration > Encryption and click on Generate Secret Key:

2. Store the secret key on the SonarQube server

  1. Copy the generated secret key to a file:

    sonar-secret.txt
    bIOVA1TybepjqLH+uYxuNh==

  2. Store this file on the machine hosting the SonarQube server (default location:  ~/.sonar/sonar-secret.txt). If you want to store it somewhere else, set its path through the sonar.secretKeyPath property in SONARQUBE_HOME/conf/sonar.properties:

    SONARQUBE_HOME/conf/sonar.properties
    ...
# On Linux
sonar.secretKeyPath=/path/to/my/secure/location/my_secret_key.txt
# On Windows
# (use / or \\ as directory separator)
sonar.secretKeyPath=C:/path/to/my/secure/location/my_secret_key.txt
...
  3. Restrict its access to the system account running the SonarQube server (ownership and read-access only).
  4. Restart your SonarQube server.

3. Generate the encrypted values of your settings

Go back to Administration > Configuration > Encryption and generate the encrypted values of your settings:

4. Use these encrypted values in SonarQube server configuration

Simply copy these encrypted values into SONARQUBE_HOME/conf/sonar.properties:

SONARQUBE_HOME/conf/sonar.properties
sonar.jdbc.url=jdbc:oracle:thin:@172.16.199.130/XE
sonar.jdbc.username=sonar
sonar.jdbc.password={aes}CCGCFg4Xpm6r+PiJb1Swfg==     # Encrypted password for the database
...
sonar.secretKeyPath=C:/path/to/my/secure/location/my_secret_key.txt

Restart your SonarQube server.

  • No labels

© 2017-2018 Moses Kim.

별도의 언급이 없는 한, 이 스페이스의 컨텐츠는 크리에이티브 커먼즈 저작자표시-비영리-동일조건변경허락 4.0 국제 라이선스에 따라 이용할 수 있습니다.
SONARQUBE는 SonarSource SA의 트레이드 마크입니다. 모든 트레이트 마크 및 저작권은 각 소유자의 소유물입니다.

::: SonarQube 관련 문의 : 이메일 :::