Storing Passwords to external systems in Global Properties (For MPI and HIE integration)

Hi all, moving this topic from the GitHub merge request to Talk. Ticket here

Registration Core:

omod/src/main/resources/config.xml

	<property>${project.parent.artifactId}.mpi.username</property>
	<defaultValue></defaultValue>
	<property>${project.parent.artifactId}.mpi.password</property>
	<defaultValue>admin</defaultValue>

@dkayiwa We generally do not recommend storing passwords in global properties. Did you evaluate running it instead as a daemon user account?

@shaoyuancc I did not. I think what I’ll do is leave it like this for now, but then create a ticket and do a separate pull request after this is merged. Does that sound good? I’m not sure what running it as a daemon user account involves, so some guidance would be helpful!

@wluyima @dkayiwa this is not a password for an OpenMRS account, it’s a password to the MPI, so daemon user doesn’t apply. But I still agree that we should always avoid storing passwords as GP since they get displayed as text in the UI. I don’t know what the solution is, but for now I’d ignore this. I personally think we should possibly consider using environment variables, but this is a design forum topic.

fyi @mogoodrich @mseaton @craigappl @pgesek @jiahaochua

@shaoyuan - moving these from global properties to runtime properties (defined in the .OpenMRS/openmrs-runtime.properties file) might be all you need to do to address this concern. This file is expected to contain passwords and other sensitive configuration settings, and can be secured on the filesystem with appropriate permissions.

Mike

2 Likes
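A sketch of the runtime-properties approach suggested above, added here as an illustration and not code from the Registration Core module: it loads the properties file only if no group/other permission bits are set, and fails when a credential is missing instead of falling back to a default such as `admin`. The class name, the `examplemodule.` key prefix and the sample values are constructed, and a POSIX filesystem is assumed.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.EnumSet;
import java.util.Properties;
import java.util.Set;

public class MpiRuntimeCredentials {
    private static final Set<PosixFilePermission> OWNER_BITS = EnumSet.of(
            PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE, PosixFilePermission.OWNER_EXECUTE);
    // Load the file only when no group/other permission bit is set.
    static Properties load(Path file) throws IOException {
        Set<PosixFilePermission> extra = EnumSet.noneOf(PosixFilePermission.class);
        extra.addAll(Files.getPosixFilePermissions(file));
        extra.removeAll(OWNER_BITS);
        if (!extra.isEmpty()) {
            throw new SecurityException(file + " is accessible beyond its owner: " + extra);
        }
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(file)) {
            props.load(in);
        }
        return props;
    }

    // No default value: a missing or blank credential is a configuration error.
    static String require(Properties props, String key) {
        String value = props.getProperty(key);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing runtime property: " + key);
        }
        return value;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample file and values; "examplemodule" is a placeholder key prefix.
        Path file = Files.createTempFile("openmrs-runtime", ".properties");
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
        Files.write(file, ("examplemodule.mpi.username=mpi-client\n"
                + "examplemodule.mpi.password=constructed-sample-secret\n").getBytes(StandardCharsets.UTF_8));
        System.out.println("MPI user: " + require(load(file), "examplemodule.mpi.username"));
        Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-r--r--"));
        try { load(file); } catch (SecurityException e) { System.out.println("Rejected: " + e.getMessage()); }
        Files.delete(file);
    }
}
```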

Runtime properties also sounds like a great idea.

I like it too!

Ok got it! Will do

Implemented in this commit, still in the process of review before the pull request is merged, and updated the Integration with an MPI wiki page.

Thanks all!