[SR-Users] DBURL password in clear

[Daniel-Constantin Mierla]

Hello,


On 14.11.17 14:25, Robert wrote:
> Hello,
>
> I’m working for a UK high street bank and our Kamailio implementation has been challenged because we’ve got database passwords held in clear in the configuration file.
>
> I am unable to find any examples of where this has been worked around, there doesn’t seem to be any module or configuration means of supplying a variable in the modparam() entry that is expanded a startup. The security tutorials only seem to relate to the SIP level of security, not Kamailio as a platform.
>
> My requirement is simple, I need to be able to supply a password via means such as loading a variable from a run-once script at start up, or a module. The ideal would be to be able to read in a Docker secret :)
>
> I am by no means a Kamailio expert, so apologies in advance if this is a mindblowingly basic thing to achieve, but I do feel I’ve exhausted the Kamailio documentation, wiki etc. and all the goodness Google usually has to offer and drawn a blank.
>
> Sincere thanks in advance for any assistance.
>
>
you can define a for a token to be used inside kamailio.cfg by using -A
command line parameter. So when you start kamailio, fetch the password
from your secure system by what so ever meaning, then build the database
url based on it and run kamailio with:

kamailio - A DBURL='mysql://user:passwd@dbhost/kamailio' ...

You may need to enclose in double quotes inside the single quotes, I am
not sure at this moment, but sometime she shell 'eats' a pair of quotes,
so just try with it if first fails ...

Cheers,
Daniel

-- 
Daniel-Constantin Mierla
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Kamailio Advanced Training, Nov 13-15, 2017, in Berlin - www.asipto.com
Kamailio World Conference - www.kamailioworld.com