Setup UI Login System
Alaa Ben Fatma edited this page May 3, 2021 · 1 revision
Credential Digger can be deployed as a web application, which gives anyone who knows the IP:PORT through which the tool is reachable access to sensitive information about the repositories being scanned, especially in an enterprise context. The login mechanism addresses this by restricting access to the scanner to those who know the password.
- To enable the UI login mechanism, the two environment variables `UI_PASSWORD` and `SECRET_KEY` have to be set in the `.env` file.
- The `UI_PASSWORD` is the password the user has to enter when accessing the tool for the first time after deployment.
- The `SECRET_KEY` is used to sign the JWT (JSON Web Token) that will be stored to indicate that the user has entered the correct password.
- Start the docker container
To generate a `SECRET_KEY`, run the following command:

```bash
python -c 'import os; print(os.urandom(24).hex())'
```
It is also recommended, but not mandatory, to serve the application over HTTPS when this login system is enabled, since otherwise the password and the session token travel in clear text. Refer to this wiki on how to enable HTTPS support.
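The following is an added example, not Credential Digger's own code, showing what the `SECRET_KEY` does once the login is enabled: it signs the session JWT, and a token signed with a different key, a tampered token, or an expired token is rejected. It assumes an HS256-style JWT; the project's actual token layout and JWT library are not described on this page.

```python
# Added example (not Credential Digger's own code). Assumes an HS256 JWT;
# the project's real token format is not shown on the wiki page.
import base64, hashlib, hmac, json, os, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def generate_secret_key() -> str:
    # Same as the wiki's command: 24 random bytes, hex-encoded (48 chars).
    return os.urandom(24).hex()

def issue_token(secret_key: str, ttl_seconds: int = 3600, now=None) -> str:
    """Issue a JWT proving the UI_PASSWORD check succeeded, valid for ttl_seconds."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": "ui-user", "iat": now,
                                 "exp": now + ttl_seconds}).encode())
    sig = hmac.new(secret_key.encode(), f"{header}.{payload}".encode(),
                   hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_token(secret_key: str, token: str, now=None) -> bool:
    """True only if the token was signed with secret_key and has not expired."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        # Pin the algorithm: never trust an "alg" the client chose.
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return False
        expected = hmac.new(secret_key.encode(), f"{header}.{payload}".encode(),
                            hashlib.sha256).digest()
        # Constant-time comparison; a different SECRET_KEY yields a different MAC.
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return False
        return json.loads(b64url_decode(payload)).get("exp", 0) > now
    except ValueError:  # malformed base64 / JSON / wrong number of segments
        return False
```

Rotating `SECRET_KEY` in `.env` therefore invalidates every previously issued token, which is the intended way to force all users to log in again.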