We are setting up a FileSystem connection which requires credentials to login to the folder's domain. 

A logical way to store these credentials would be site properties, however, our network administrator would prefer that he can hide the credentials from anyone in the team, including developers. As far as I know, database storage would also not allow for hiding credentials from developers, since you can always 'view data' in Service Studio.

Now I know that we need credentials to develop and test and ideally we could just use development/test credentials, while the credentials of the production environment are hidden. Unfortunately, that is not enough for our network administrator, so I was wondering whether there are any other options. 

It would be fine if we have access to the credentials during development, as long as he can turn off the access when we are live. Restricting access through LifeTime unfortunately causes that the module is removed from dependencies and thus breaks the application.

Hi,

You could use site properties, but store the credentials in encrypted format. Your admin can provide the credentials for developers in dev/test and set the credential password him/herself in production without anyone else having access.

You'd probably need one extra screen to enter -> crypt -> store these credentials, but this is quick to do and another useful feature to whatever backoffice functionality you might already have. Also, storing credentials in plaintext is usually a big no-no.

br,

-Mikko(N)

Mikko Nieminen wrote:

Hi,

You could use site properties, but store the credentials in encrypted format. Your admin can provide the credentials for developers in dev/test and set the credential password him/herself in production without anyone else having access.

You'd probably need one extra screen to enter -> crypt -> store these credentials, but this is quick to do and another useful feature to whatever backoffice functionality you might already have. Also, storing credentials in plaintext is usually a big no-no.

br,

-Mikko(N)

Hi Mikko,

Thanks for your quick answer. This would require us to store a decryption key as well, in order to decrypt it before using it (the FileSystem authentication requires decrypted credentials), right?

If so, would you store this decryption key as a site variable as well?


Solution


This would require us to store a decryption key as well, in order to decrypt it before using it (the FileSystem authentication requires decrypted credentials), right?

If so, would you store this decryption key as a site variable as well?

Yes, basically so.

If you would like to get away with one site property, you could always store the encrypted credentials in database and have the site property for decryption key.

br,

-Mikko(N)

Solution