How to encrypt passwords


#1

I am deploying Lucee via a CloudFormation script at Amazon. I want to be able to store the database and admin passwords as a separate object and just inject them into the proper XML at deploy time.

The problem is that the passwords in Lucee are encrypted; how do I convert my plain-text password, created when the database instance is formed, into the encrypted version Lucee uses?

i.e.: dbpassword = 'mybadpassword'
password: "encrypted:encryptedpasswordstringfrommybadpassword"

Also, since each instance of Lucee is run in a container, is the encryption key the same across all Lucee installs, so that the same encrypted password will decrypt to the same value on all Lucee servers?

If none of that works, is it possible to store the password unencrypted by leaving the encrypted identifier off? Certainly not an ideal method.

I assume the same method to encrypt is used for the admin password as well.


#2

Brad should know. He has this on ForgeBox. The admin password is a salted SHA-256 hash. The DB password is Blowfish-encrypted, I think.
https://www.forgebox.io/view/lucee-password-util

Also saw this:


#3

Yep, that library will do it but you don’t need to use that lib directly. Use CFConfig which is built for this purpose. CFConfig bundles the lib above plus a lot more wrapped up as a CLI.

https://cfconfig.ortusbooks.com/introduction/getting-started-guide
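As an added example of the CFConfig route suggested above (this is not code from the thread, from Lucee or from the CFConfig project), the script below is a container entrypoint helper: it takes the plaintext secrets that the deploy step hands the instance, renders them into a CFConfig JSON document, and imports that into the Lucee server home with `box cfconfig import`, leaving it to CFConfig to write the hashed admin password and the encrypted datasource password into lucee-server.xml. Assumptions: CommandBox is on PATH with the `commandbox-cfconfig` module installed; the secrets arrive in environment variables whose names (`LUCEE_ADMIN_PASSWORD`, `DB_PASSWORD`, `DB_HOST`, `DB_NAME`, `DB_USER`, `DB_DSN_NAME`, `LUCEE_SERVER_HOME`) are my own, not a CFConfig convention; and the JSON layout (top-level `adminPassword`, a `datasources` map keyed by datasource name) follows the CFConfig JSON format as I understand it from its docs.

```shell
#!/bin/sh
# Added example, not part of the original thread, Lucee or CFConfig.
# Feeds deploy-time plaintext secrets to CFConfig so the encrypted/hashed
# forms never have to be produced by the deploy script itself.
#
# Assumed environment (names are mine, not a CFConfig convention):
#   LUCEE_ADMIN_PASSWORD  DB_PASSWORD  DB_HOST  DB_NAME  DB_USER
#   DB_DSN_NAME (optional, defaults to "appdb")
#   LUCEE_SERVER_HOME     e.g. /opt/lucee/server/lucee-server
set -eu

# Escape a value for use inside a JSON string literal. Only backslash and
# double quote are handled; passwords containing control characters are
# out of scope for this helper, so reject them rather than emit bad JSON.
json_escape() {
    case "$1" in
        *[[:cntrl:]]*) echo "json_escape: control characters not supported" >&2; return 1 ;;
    esac
    printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Render the CFConfig JSON document. Arguments:
#   1 admin password  2 datasource name  3 host  4 database  5 user  6 password
# The driver/port are hard-coded for MySQL here purely as a sample; adjust
# them for the real database engine.
build_cfconfig_json() {
    admin_pw=$(json_escape "$1")
    ds_name=$(json_escape "$2")
    ds_host=$(json_escape "$3")
    ds_db=$(json_escape "$4")
    ds_user=$(json_escape "$5")
    ds_pw=$(json_escape "$6")
    printf '{\n  "adminPassword": "%s",\n  "datasources": {\n    "%s": {\n      "dbdriver": "MySQL",\n      "host": "%s",\n      "port": 3306,\n      "database": "%s",\n      "username": "%s",\n      "password": "%s"\n    }\n  }\n}\n' \
        "$admin_pw" "$ds_name" "$ds_host" "$ds_db" "$ds_user" "$ds_pw"
}

# Write the document to a 0600 temp file, import it into the server home,
# and delete the file so the plaintext does not stay on disk. The secrets
# are passed through a file rather than as command-line arguments so they
# do not show up in the process list.
apply_secrets() {
    server_home=$1
    tmp=$(mktemp)
    chmod 600 "$tmp"
    build_cfconfig_json "$LUCEE_ADMIN_PASSWORD" "${DB_DSN_NAME:-appdb}" \
        "$DB_HOST" "$DB_NAME" "$DB_USER" "$DB_PASSWORD" > "$tmp"
    box cfconfig import from="$tmp" to="$server_home"
    rm -f "$tmp"
}

# Usage:
#   sh inject-secrets.sh demo    print the JSON built from constructed sample values
#   sh inject-secrets.sh apply   read the env vars above and import into Lucee
case "${1:-}" in
    demo)  build_cfconfig_json 'Adm1n"Pass' appdb db.internal appdb app 'p@ss\word' ;;
    apply) apply_secrets "$LUCEE_SERVER_HOME" ;;
esac
```

The point of routing through `cfconfig import` rather than writing `encrypted:...` strings yourself is that the container never needs to know Lucee's internal cipher or hash format, which is exactly the fragility concern raised below; if that format changes in a later Lucee release, CFConfig absorbs the change. The plaintext exists briefly in a 0600 temp file, so run this as the Lucee service user inside the container rather than as root.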


#4

I like this solution, as it seems a little less problematic in case the internal details change going forward; it seems less fragile.

Although it does require an external dependency, since I need to install CommandBox and CFConfig separately.