Password Manager module

Security and authentication Bundled: Extension

Edition CE

License

MLA, GPL

Issues

Maven site

Latest

2.0.0

The Password Manager module stores encrypted passwords and allows you to retrieve their plain text value programmatically. This is useful for connector modules that need to authenticate to third-party systems with a plain text password.

Once the password is stored, an AdminCentral user can’t see the password in plain text. The plain-text value can only be retrieved programmatically.

The module installs the Passwords app that centralizes the management of passwords in the administration of Magnolia. The passwords are stored in a dedicated workspace called keystore.

Installing with Maven

Maven is the easiest way to install the module. Add the following to your bundle:

<dependency>
  <groupId>info.magnolia.passwordmanager</groupId>
  <artifactId>magnolia-module-password-manager</artifactId>
  <version>2.0.0</version> (1)
</dependency>
1 Should you need to specify the module version, do it using <version>.

The keystore workspace

The passwords are stored in a dedicated workspace called keystore.

Password manager module

The mgnl:passwords node type

The module provides a specific node type for the passwords called mgnl:password.

Key pair values

Password Manager uses a dedicated key pair. The public key that’s used for decryption must be present in the configuration of password-manager-core.

Node name Value

📁 modules

     📁 password-manager-core

         ⬩ publicKey

<PUBLIC_KEY_VALUE>

If you are using docker, you must ensure that the new key pair file is mounted to an external volume. Otherwise the key pair is regenerated on the next deployment and the passwords won’t work.

If you create a new public instance, the public keys need to be synchronized. To synchronize them, you can publish them on the public instances or manually add them to the public instance config workspace.

Key pair generation

The key pair is also stored on the local file system in a file called magnolia-password-manager-keypair.properties by default. The path to this file is configured in the Magnolia property magnolia.password.manager.key.location. The file contains both the private and the public keys used to encrypt and decrypt passwords stored by the Password Manager.

A new file isn’t created on startup if the file containing both keys already exists.

If you want to change the Password Manager key pair:

  1. In the magnolia.properties file, check the location of the password manager key pair file set in magnolia.password.manager.key.location.

  2. Go to your password manager key pair file and update the public and private key values in the file.

  3. Copy and paste the updated public key value from the file into the /modules/password-manager-core@publicKey property. Use the Configuration app to do so.

  4. Reenter any passwords in the Passwords app.

  5. Publish both the public key and the updated passwords to the public instances.

Bootstrapping

Content can be exported and imported for bootstrapping like any other workspace. However, the same encryption key must be used to decrypt the imported passwords as well as encrypt the export.

For security reasons, we don’t recommend bootstrapping password values.

Usage

See the Passwords app page.

Feedback

DX Core

×

Location

This widget lets you know where you are on the docs site.

You are currently perusing through the DX Core docs.

Main doc sections

DX Core Headless PaaS Legacy Cloud Incubator modules