Obfuscate sensitive configuration file information

The connector SDK contains SensitiveDataCodec functionality allowing you to encode and decode information your configuration file. To obfuscate sensitive information in your configuration file:

  1. Run your connector with the -DsecurityLevel=OBFUSCATED and com.google.enterprise.cloudsearch.sdk.config.SensitiveDataCodec parameters. This command requests the sensitive configuration parameter in your configuration file, such as a sharepoint.password parameter containing a password to a data source.

    java -DsecurityLevel=OBFUSCATED -cp google-cloudsearch-csv-connector-v1-0.0.2-withlib.jar    com.google.enterprise.cloudsearch.sdk.config.SensitiveDataCodec
    

    This command outputs an obfuscated value similar to obf:Pm1saUwfSUJb5sPblTjPUw==.

  2. In your configuration file, add the obfuscated value in place of the sensitive string. For example:

    sharepoint.password=obf:Pm1saUwfSUJb5sPblTjPUw==
    

You can also use a key pair with your own keys from Java Keystore. For example:

java -DsecurityLevel=ENCRYPTED -Djavax.net.ssl.keyStore=encryptKeyStore.jks -Djavax.net.ssl.keyStorePassword=testtest -Djavax.net.ssl.keyStoreType=JKS -Dalias=testkeypair -cp google-cloudsearch-csv-connector-v1-0.0.2-withlib.jar com.google.enterprise.cloudsearch.sdk.config.SensitiveDataCodec

If you are using your own keys, you must pass similar parameters while running your connector.

Send feedback about...

Cloud Search
Cloud Search