An application contains an OSGi configuration that contains a password.
How should a developer prevent this sensitive information from being stored in plain text in JCR?
An application contains an OSGi configuration that contains a password.
How should a developer prevent this sensitive information from being stored in plain text in JCR?
To prevent sensitive information from being stored in plain text in JCR, a developer should use the console at /system/console/crypto to encrypt the value. They need to create an encrypted value for each AEM instance and use runmodes to apply the different values or ensure the relevant instances share the same master key. The sensitive information is automatically decrypted using the CryptoSupport OSGi service before the value is returned.
Answer: A Reference: https://www.argildx.com/technology/crypto-support-aem/ https://docs.adobe.com/content/help/en/experience-manager-65/administering/security/encryption-support-for-configuration-properties.html