Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security: lots of secret contents should be hidden #9

Open
TangliziGit opened this issue Feb 5, 2022 · 0 comments
Open

security: lots of secret contents should be hidden #9

TangliziGit opened this issue Feb 5, 2022 · 0 comments
Assignees
@TangliziGit

Comments

@TangliziGit
Copy link
Member

Security Vulnerability Report

缺陷描述 / Describe the vulnerability
Lots of secret content like database passwords, OAuth secret keys, etc. should be hidden from the public repo.
For example, the database host, username and password in dop-server/application-server/src/main/resources/application-production.yml:

  datasource:
    type: com.alibaba.druid.pool.DruidDataSource
    url: jdbc:mysql://172.29.7.157:3306/db_dop_application
    username: xxxxxxxxxxxx
    password: xxxxxxxxxxxx

and email secrets in message-server/src/main/resources/application-local.yml

  mail:
    host: smtp.qq.com
    username: [email protected]
    password: xxxxxxxxxxxxxx

解决方案 / Describe the solution you'd like

  • use Jenkins credentials
  • move secrets contents to private repo

其他 / Additional context
@TangliziGit TangliziGit self-assigned this Feb 5, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TangliziGit TangliziGit

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@TangliziGit