[SR-Users] Presence of plain text username and password in kamailio.cfg
Olle E. Johansson
oej at edvina.net
Thu Nov 19 12:07:11 CET 2020
It is an interesting proposal to find a way for Kamailio to fetch external credentials in run-time,
not having them in clear text in config files. Like integration with hashicorp vault or something.
/O
> On 18 Nov 2020, at 15:50, Ahmed Marsou <amarsou1988 at gmail.com> wrote:
>
> Thank you so much, David and Alexandru.
> I'm not sure but i read something about reading the config from my.cnf
>
> http://www.kamailio.org/docs/modules/5.0.x/modules/db_mysql.html#idp419 <http://www.kamailio.org/docs/modules/5.0.x/modules/db_mysql.html#idp419>
>
> The problem is that my.cnf, have 600 permission and I'm running kamailio with user kamailio, so the question is,
> There is a way to read this file as root on startup but run kamailio as kamailio?
> The option AWS Parameter Store, is something related to amazon, right?
>
> Tank you so much.
>
> El mié., 18 nov. 2020 a las 15:29, David Villasmil (<david.villasmil.work at gmail.com <mailto:david.villasmil.work at gmail.com>>) escribió:
> I just get the params from AWS Parameter Store and pass it to Kamailio on startup. Downsize is you can see them in “ps”.
>
> On Wed, 18 Nov 2020 at 12:40, Alexandru Covalschi <568691 at gmail.com <mailto:568691 at gmail.com>> wrote:
> Alternative way is to use unixodbc, but it just means you put the password into another file.
>
> ср, 18 нояб. 2020 г. в 14:35, Alexandru Covalschi <568691 at gmail.com <mailto:568691 at gmail.com>>:
> Don't use databases. Create an API and use it to access the data you need. Won't work for every possible usage, but in general API-driven SIP-routing is very possible with Kamailio, especially with KEMI.
>
> ср, 18 нояб. 2020 г. в 11:32, Ahmed Marsou <amarsou1988 at gmail.com <mailto:amarsou1988 at gmail.com>>:
> Hi;
> I want to remove all plain text usernames an passwords from kamailio.cfg file. Like modparam("auth_db", "db_url", "dbdriver://username:password@dbhost/dbname")
> or this modparam("sqlops","sqlcon","ca=>dbdriver://username:password@dbhost/dbname")
> Can you help me with some ideas of how can I handle that?
> Thank you.
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>
>
> --
> Alexandru Covalschi
> VoIP engineer and system administrator
> tel: +37367398493
>
>
>
> --
> Alexandru Covalschi
> VoIP engineer and system administrator
> tel: +37367398493
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com <mailto:david.villasmil.work at gmail.com>
> phone: +34669448337
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20201119/663f1283/attachment.htm>
More information about the sr-users
mailing list