Is there any way we can avoid providing X-Ldap-BindPass as plain text.

Question

Is there any way we can avoid providing X-Ldap-BindPass as plain text.

skiransk opened this issue 4 years ago · 2 comments

Can anyone please let me know if you tried any other way of providing the X-Ldap_BindPass instead of providing it in plain text.
Committing the admin password to git something risky.

Thank you in advance.
SK

Answer 1 · 2021-06-08T17:47:38.000Z

Is this a situation where a vault (like hashicorp vault, or perhaps using puppet/ansible/salt/etc and a secret vault) would store your secret? And then on deployment of the configuration you'd fill in the "X-Ldap_BindPass"?

Answer 2 · 2022-07-04T05:43:34.000Z

I have the same situation where we are fetching the X-Ldap-BindPass from AWS secret/parameter store and filling it in the nginx configuration file via terraform automation and cloudconfig userdata during deployment. However, this password is still plain text in the nginx conf in the Nginx Plus EC2 instance. Is there a way to encrypt it in the conf itself for AD authentication? Any help/suggestions would be greatly appreciated. Thanks!!