Search…
Encrypted Credentials in Custom Applications
In Release 5.6.2 and higher, OmniSci can accept a set of encrypted credentials for secure authentication of a custom application. This topic provides a method for providing an encryption key to generate encrypted credentials and configuration options for enabling decryption of those encrypted credentials.

Generating an Encryption Key

Generate a 128- or 256-bit encryption key and save it to a file. You can use https://www.allkeysgenerator.com/Random/Security-Encryption-Key-Generator.aspx to generate a suitable encryption key.

Configuring the Web Server

Set the file path of the encryption key file to the encryption-key-file-path web server parameter in omnisci.conf:
1
[web]
2
encryption-key-file-path = “path/to/file”
Copied!
Alternatively, you can set the path using the --encryption-key-file-path=path/to/file command line argument.

Generating Encrypted Credentials

Generate encrypted credentials for a custom application by running the following Go program, replacing the example key and credentials strings with an actual key and actual credentials. You can also run the program in a web browser at https://play.golang.org/p/nNBsZ8dhqr0.
1
package main
2
3
import (
4
"crypto/aes"
5
"crypto/cipher"
6
"crypto/rand"
7
8
"fmt"
9
"io")
10
11
// 1. Replace example key with encryption string
12
var key = "v9y$B&E(H+MbQeThWmZq4t7w!z%C*F-J"
13
14
// 2. Replace strings "username", "password", "dbName"with credentials
15
var stringsToBeEncrypted = []string{
16
"username",
17
"password",
18
"dbName",
19
}
20
21
// 3. Run program to see encrypted credentials in console
22
func main() {
23
for i := range stringsToBeEncrypted {
24
encrypted, err := EncryptString(stringsToBeEncrypted[i])
25
if err != nil {
26
panic(err)
27
}
28
fmt.Printf("%s => %s\n", stringsToBeEncrypted[i],encrypted)
29
}
30
}
31
32
func EncryptString(str string) (encrypted string,err error) {
33
keyBytes := []byte(key)
34
35
block, err := aes.NewCipher(keyBytes)
36
if err != nil {
37
panic(err.Error())
38
}
39
aesGCM, err := cipher.NewGCM(block)
40
if err != nil {
41
panic(err.Error())
42
}
43
nonce := make([]byte, aesGCM.NonceSize())
44
if _, err = io.ReadFull(rand.Reader, nonce); err!= nil {
45
panic(err.Error())
46
}
47
strBytes := []byte(str)
48
49
cipherBytes := aesGCM.Seal(nonce, nonce, strBytes,nil)
50
51
return fmt.Sprintf("%x", cipherBytes), err
52
}
Copied!
Last modified 5mo ago