Ticket #219 (closed task: fixed)

Opened 6 years ago

Last modified 6 years ago

Move out build scripts and secrets from GSCF repository

Reported by: business@… Owned by: work@…
Priority: major Milestone: 0.6.2
Component: General Version:
Keywords: Cc:
Hardware: Operating system:
Product: URL:


Currently, the GSCF repository has temporarily been closed due to security exposure. It should be open again as soon as possible.

Todo points:

  • move out build scripts to a private repository
  • leave 'gscf'/'dbnp' database password as default in Config.groovy but replace them in the build scripts by secure passwords for the different deploy environments
  • leave a default secret in Config.groovy but replace by a new one for the different deploy environments
  • replace the gmail username and password with something like 'your-email-server-here' and 'your-email-password-here' in Config.groovy but replace by gscfproject account credentials in the different deploy environments

Change History

comment:1 Changed 6 years ago by work@…

Moved build scripts and vhost configuration into private svn server, and removed them from the gscf tree in r1214

comment:2 Changed 6 years ago by work@…

  • Milestone changed from 0.6.1 to 0.6.2

The other issues cannot be resolved in due time, hence changing milestone to 0.6.2

comment:3 Changed 6 years ago by business@…

One configuration is called 'test' and that is annoying as it messes up the grails test-app functionality.

comment:4 Changed 6 years ago by business@…

Actually, you can specify a location for the config files, that makes much more sense...

locations to search for config files that get merged into the main config
config files can either be Java properties files or ConfigSlurper? scripts

grails.config.locations = [ "classpath:${appName}-config.properties",

if(System.properties${appName}.config.location?) {
grails.config.locations << "file:" + System.properties["${appName}.config.location"]

comment:5 Changed 6 years ago by work@…

yeah I know, but that is not really user friendly...

comment:6 Changed 6 years ago by business@…

  • Status changed from new to assigned
  • Owner changed from work@… to business@…
  • default configuration in the source code
  • Local configuration in user home for DataSource?.groovy, Config.groovy possible that overrides the default
  • later on, a nice configuration wizard
  • security exposure problem can be solved by regenerating them randomly at app startup in the bootstrap

comment:7 Changed 6 years ago by work@…

Changed crypto shared secret into random string on application startup in r1306

comment:8 Changed 6 years ago by business@…

  • Owner changed from business@… to work@…

Change default directory to ~/.grailsconfig and use that in our production instances.

comment:9 Changed 6 years ago by work@…

moved application configuration out of Config.groovy and Datasource.groovy and centralized it in gscf/environment-config.properties in r1360

Server specific application configuration can be overrided in ~/.grails-config/gscf-environment-config.properties

comment:10 Changed 6 years ago by work@…

also see r1363

comment:11 Changed 6 years ago by work@…

moved the default authentication users also into the environment specific java property files in r1364

comment:13 Changed 6 years ago by work@…

  • Status changed from assigned to closed
  • Resolution set to fixed

Hi robert, I was indeed aware of that particular ticket... but as of r1364 the externalization of configuration works as expected. Confirmed on CI, default development and default development with externalized configuration (in ~/.grails-config/gscf-development.properties)

Closing the issue...

Note: See TracTickets for help on using tickets.