Posted to users@camel.apache.org by Wilken Marci J <MA...@dhsoha.state.or.us.INVALID> on 2022/09/06 23:01:23 UTC

Encrypt header value.

Hi all,
Issue: sensitive data getting passed from the exchange header to the logs in the clear.

Is there a way to encrypt a header value in Camel?  I've got several values (id, ssn, dob, password) that get passed around in the message header or that I would like to pass in the header.  I would prefer to pass these with some kind of encryption instead of as a String.

Simple example: To call an sftp route I need to send the password, and for debugging purposes I want to log the call before connecting.  Route A reads the vault for the appropriate user id and password, places the info in the header (the message is in the body) and calls the sftp route.


    .log(LoggingLevel.INFO, "ftps://{{file.router.remote.host}}:{{file.router.remote.port}}//{{file.router.remote.home}}"
            + "?password=${header.password}"
            + "&username=${header.userName}"
            // + "&stepwise=true"  // unknown if it works or makes a difference
            // doesn't like + "&strictHostKeyChecking=no"
            + "&include=${header.CamelFileName}"
            + "&fileName=${header.TransmissionCamelFileName}"
            + "&noop=true"
            + "&keepLastModified=true"
            // ojd does not like this + "&execPbsz={{file.router.remote.ftpsPBSZ}}"
            + "&securityProtocol={{file.router.remote.ftpsprotocol}}"
            + "&passiveMode=true" // ?
            + "&binary=false" // ?
            // doesn't like + "&implicit={{file.router.remote.ftpsimplicit}}"
            // leave the file to be archived
            + "&reconnectDelay={{file.router.reconnectDelay}}"
            + "&maximumReconnectAttempts={{file.router.maximumReconnectAttempts}}"
            + "&backoffErrorThreshold=5"
            + "&backoffMultiplier=10"
            + "&runLoggingLevel={{file.router.runLoggingLevel:WARN}}"
            + "&transferLoggingVerbose=true")



Regards-
Marci Wilken
She/Her/Hers
Operations Architect  
Office of Information Services
OHA/DHS/CAF-CW/OR-KIDS
Desk: 503.378.2405 Cell: 503.979.9680




Re: Encrypt header value.

Posted by Jeremy Ross <je...@gmail.com>.
Yep.

On Sat, Sep 10, 2022 at 3:39 PM ski n <ra...@gmail.com> wrote:

> @Jeremy Don't you mean Jasypt:
>
> https://camel.apache.org/components/3.18.x/others/jasypt.html

Re: Encrypt header value.

Posted by ski n <ra...@gmail.com>.
@Jeremy Don't you mean Jasypt:

https://camel.apache.org/components/3.18.x/others/jasypt.html

On Sat, Sep 10, 2022 at 7:12 PM Jeremy Ross <je...@gmail.com> wrote:

> Have you looked at the jsypt component? With it, you can store your
> password encrypted, then access it using property placeholder syntax:
>
> ftps://<host>?password={{my_ftp_password}}
>
> Of course, if your file system security is sufficient, you can skip the
> jsypt part. Everything else would be the same.

Re: Encrypt header value.

Posted by Jeremy Ross <je...@gmail.com>.
Have you looked at the jsypt component? With it, you can store your
password encrypted, then access it using property placeholder syntax:

ftps://<host>?password={{my_ftp_password}}

Of course, if your file system security is sufficient, you can skip the
jsypt part. Everything else would be the same.


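The Jasypt property-placeholder approach suggested in the reply above, sketched as an added example for Camel 3.x; it is not code from any poster in this thread. The properties file name, the `my_ftp_username` key, the `CAMEL_ENCRYPTION_PASSWORD` variable and the `direct:sendFile` endpoint are assumptions, and the ciphertext is a placeholder. Property placeholders are resolved when the route starts, so this fits a fixed credential rather than one read per message.

```java
// Added example, not from the thread. Needs camel-jasypt and camel-ftp (3.x) on the classpath.
// Assumed classpath file ftp.properties (ciphertext below is a placeholder):
//   file.router.remote.host=ftp.example.org
//   file.router.remote.port=990
//   my_ftp_username=transfer_user
//   my_ftp_password=ENC(<ciphertext-placeholder>)
import org.apache.camel.CamelContext;
import org.apache.camel.LoggingLevel;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.jasypt.JasyptPropertiesParser;
import org.apache.camel.component.properties.PropertiesComponent;
import org.apache.camel.impl.DefaultCamelContext;

public class FtpsJasyptExample {
    public static void main(String[] args) throws Exception {
        CamelContext context = new DefaultCamelContext();

        // The master password is read from the environment, not stored beside the ciphertext.
        JasyptPropertiesParser jasypt = new JasyptPropertiesParser();
        jasypt.setPassword("sysenv:CAMEL_ENCRYPTION_PASSWORD"); // assumed variable name

        PropertiesComponent pc = new PropertiesComponent();
        pc.setLocation("classpath:ftp.properties"); // assumed file name
        pc.setPropertiesParser(jasypt);             // decrypts ENC(...) values on lookup
        context.setPropertiesComponent(pc);

        context.addRoutes(new RouteBuilder() {
            @Override
            public void configure() {
                from("direct:sendFile") // hypothetical entry point
                    // Debug line describes the call but leaves the password parameter out.
                    .log(LoggingLevel.INFO,
                         "ftps://{{file.router.remote.host}}:{{file.router.remote.port}}"
                             + "?username={{my_ftp_username}}&fileName=${header.CamelFileName}")
                    // The password never enters an exchange header; it is resolved into
                    // the endpoint URI from the encrypted property.
                    .to("ftps://{{file.router.remote.host}}:{{file.router.remote.port}}"
                             + "?username={{my_ftp_username}}&password={{my_ftp_password}}"
                             + "&passiveMode=true");
            }
        });

        context.start();
        // ... send exchanges to direct:sendFile here ...
        context.stop();
    }
}
```

Jasypt protects the value at rest in the properties file only: a log message that references `{{my_ftp_password}}` or `${header.password}` still prints the cleartext, so the log line has to omit it.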