Feature: Expose bhe_saml_sp_key and bhe_saml_sp_cert via ENV variables #954
Feature Description
Expose bhe_saml_sp_key and bhe_saml_sp_cert via ENV variables, so that they can be managed via docker secrets or AWS SecretsManager or equivalent for other platforms.
Are you intending to implement this feature?
no
Current Behavior
bhe_saml_sp_key and bhe_saml_sp_cert must be set in the config-file, which means that you have to put a private key in plaintext in a static config file, which might be managed via git. This is considered bad practice (at least in our organization), as secrets should only be available at runtime.
Desired Behavior
bhe_saml_sp_key and bhe_saml_sp_cert can be controlled via ENV variables, so that they can be provided only at container runtime and can be stored via the platform's secrets management facility.
Use Case
The feature increases the security of bhe_saml_sp_key, makes management of BH easier and makes BH more compliant with security best practices.
Additional Information
First mentioned in Issue 83.
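
The requested behaviour, as an added Go example that is not part of the original issue and not the project's code: each value is taken from an environment variable, or from a file named by a `_FILE` variable (the usual way to hand over a mounted docker secret), and only then from the config file. The names `EXAMPLE_SAML_SP_KEY` and `EXAMPLE_SAML_SP_CERT` and the `_FILE` suffix are assumptions; the issue names no variables.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"os"
)

// Hypothetical variable names; the issue does not define any.
const (
	envSPKey  = "EXAMPLE_SAML_SP_KEY"
	envSPCert = "EXAMPLE_SAML_SP_CERT"
)

// resolveSecret prefers NAME, then the file named by NAME_FILE (how a mounted
// docker secret is usually passed), then the value from the config file.
func resolveSecret(name, fromConfig string) (string, error) {
	inline, hasInline := os.LookupEnv(name)
	path, hasFile := os.LookupEnv(name + "_FILE")
	switch {
	case hasInline && hasFile:
		return "", fmt.Errorf("%s and %s_FILE are both set", name, name)
	case hasInline:
		return inline, nil
	case hasFile:
		b, err := os.ReadFile(path)
		return string(b), err
	}
	return fromConfig, nil
}

// loadSPKeyPair fails unless the key parses and matches the certificate.
func loadSPKeyPair(cfgKey, cfgCert string) (tls.Certificate, error) {
	key, err := resolveSecret(envSPKey, cfgKey)
	if err != nil {
		return tls.Certificate{}, err
	}
	cert, err := resolveSecret(envSPCert, cfgCert)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.X509KeyPair([]byte(cert), []byte(key))
}

func main() {
	if _, err := loadSPKeyPair("", ""); err != nil {
		fmt.Println("refusing to start:", err)
	}
}
```

The file form keeps the private key out of the process environment, which `docker inspect` displays for a container.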