How best to store sensitive files in SCM?


Bill Higgins (4562523) | asked Jul 14 '11, 7:02 a.m.
JAZZ DEVELOPER
My team is doing some "DevOps" prototyping and one of the principles is that you construct and deploy your test and production systems based on automation scripts and configuration files stored in SCM. We are using RTC 3.0 for SCM and build.

Some of the configuration files are quite sensitive - e.g. SSH private keys - but must be stored in SCM to allow for full automation.

I'm wondering if anyone could shed light on best practices for storing sensitive files like this in SCM. Here was my first take:

1. Upgrade to RTC 3.0.1 for the finer-grained SCM Read Permissions support
2. Create a new team area ("Sensitive Data Team") for functional users and a small number of admin users
3. Create a component ("Sensitive Data") that contains things like SSH private keys, password files, etc.

Does this sound like the best approach or are there better ways?

3 answers



Geoffrey Clemm (30.1k33035) | answered Jul 14 '11, 7:33 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
That looks about right to me.
Note that if you cannot upgrade to RTC 3.0.1, you can replace steps 1
and 2 with just "create a project area which allows read access by only
the list of users that should have read access to the sensitive data",
and make this project area the owner of the sensitive component.

Also, you might want to look at work item 168196 "Provide read
permission at the folder/file granularity" to confirm that this would
allow you to simplify step 3 (i.e., you'd just specify access control on
those files, and not have to create a separate component for them).

Cheers,
Geoff

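The approach above relies on a structural rule: anything that is key or credential material lives only in the restricted component, never beside the automation scripts that everyone can read. The following script is an added example, not part of the thread or of RTC's own tooling, that enforces that rule on a checked-out workspace. It treats the component's top-level folder name ("SensitiveData"), the private-key header pattern, the file-name heuristics and the sample tree as assumptions; it flags private keys by content and credential-style files by name, and it deliberately does not flag a script that merely references a key path.

```python
"""Check that private keys and password files live only under the
sensitive component. Hypothetical check, not RTC's own tooling."""
import re
import sys
from pathlib import Path, PurePosixPath
from typing import Dict, List, Optional, Tuple

# Header line shared by PEM-encoded and OpenSSH private keys, e.g.
# "-----BEGIN RSA PRIVATE KEY-----" or "-----BEGIN OPENSSH PRIVATE KEY-----".
PRIVATE_KEY_HEADER = re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----")

# File names and suffixes that conventionally hold key or credential material
# (assumed heuristic; extend for your own conventions).
SENSITIVE_NAMES = {"id_rsa", "id_dsa", "id_ecdsa", "id_ed25519"}
SENSITIVE_SUFFIXES = {".pem", ".key", ".passwd"}

# Assumed name of the restricted component's top-level folder in the workspace.
SENSITIVE_COMPONENT = "SensitiveData"


def sensitivity_reason(relpath: str, content: str) -> Optional[str]:
    """Return why a file looks sensitive, or None if it does not.

    Content wins over name: a key is a key whatever it is called. A file that
    only mentions a key path (e.g. 'ssh -i ../id_rsa') is not flagged.
    """
    name = PurePosixPath(relpath).name
    if PRIVATE_KEY_HEADER.search(content):
        return "private key material"
    if name in SENSITIVE_NAMES or PurePosixPath(name).suffix in SENSITIVE_SUFFIXES:
        return f"credential-style file name {name!r}"
    return None


def is_under(relpath: str, component: str) -> bool:
    """True if the workspace-relative path sits inside the given component folder."""
    return PurePosixPath(relpath).parts[0] == component


def find_misplaced(tree: Dict[str, str],
                   component: str = SENSITIVE_COMPONENT) -> List[Tuple[str, str]]:
    """Return (path, reason) for every sensitive-looking file outside the component."""
    misplaced = []
    for relpath, content in tree.items():
        reason = sensitivity_reason(relpath, content)
        if reason and not is_under(relpath, component):
            misplaced.append((relpath, reason))
    return sorted(misplaced)


def load_tree(root: Path) -> Dict[str, str]:
    """Read a real checked-out workspace into the same {relpath: content} mapping."""
    tree = {}
    for p in root.rglob("*"):
        if p.is_file():
            try:
                tree[p.relative_to(root).as_posix()] = p.read_text(errors="replace")
            except OSError:
                continue  # unreadable file; skip rather than abort the whole scan
    return tree


# Constructed sample workspace (not real keys): two files correctly placed in
# the sensitive component, one script that only references a key, one key
# leaked into the automation component, and one .pem flagged by name.
SAMPLE_TREE = {
    "SensitiveData/deploy/id_rsa":
        "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----\n",
    "SensitiveData/deploy/db.passwd": "dbuser:s3cr3t\n",
    "Automation/scripts/deploy.sh":
        "#!/bin/sh\nssh -i ../../SensitiveData/deploy/id_rsa deploy@host\n",
    "Automation/config/leaked_key":
        "-----BEGIN OPENSSH PRIVATE KEY-----\nb3Blbn...\n-----END OPENSSH PRIVATE KEY-----\n",
    "Automation/config/server.pem":
        "-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n",
}


if __name__ == "__main__":
    # Usage: python check_sensitive.py [workspace_root]; without an argument the
    # constructed sample tree is scanned. Exit status 1 if anything is misplaced.
    tree = load_tree(Path(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_TREE
    findings = find_misplaced(tree)
    for path, reason in findings:
        print(f"{path}: {reason} outside {SENSITIVE_COMPONENT}/")
    sys.exit(1 if findings else 0)
```

Run it as a build step on the workspace the build loads: a non-zero exit means a key or password file was committed outside the restricted component, which would otherwise be readable by everyone with access to the automation scripts. The name-based rule is conservative on purpose (the sample's server.pem holds only a certificate but is still reported), so adjust SENSITIVE_SUFFIXES if public certificates legitimately live beside the scripts.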

Marshall Schor (1012624) | answered Jul 25 '11, 2:20 p.m.
We are using RTC with Tomcat, and have set up Tomcat for LDAP authentication of users.

When a user starts an Eclipse client, they are asked for *2* passwords - one is their LDAP authentication password, and the other is the "secure password" that goes with the RTC connection (I think).

I don't see a reason for having 2 passwords; is there something I'm missing?

If not, is there a way to remove the need for the 2nd password in some configuration setting?

-Marshall Schor

Matt Lavin (2.7k2) | answered Jul 26 '11, 12:57 p.m.
FORUM MODERATOR / JAZZ DEVELOPER

I don't see a reason for having 2 passwords; is there something I'm missing?


You should only ever be prompted for one password. If you have chosen the 'save your password' option, then you will be prompted by Eclipse to secure your password storage if running on Linux or OS X. When running on Windows, the password for your secure storage is automatically managed.

If you chose not to save your password, then you should be prompted to enter your LDAP password, because it wasn't saved.


