cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Weber <>
Subject Re: hidden configuration items
Date Tue, 10 May 2016 07:29:56 GMT
On Sat, May 7, 2016 at 8:09 AM, Nathan Johnson <> wrote:

> If you hit the /client/console endpoint with a vmid, it sends you back some
> data that contains a link to a the console proxy VM and passes an encrypted
> json payload that has the user, password and port for a vnc connection.
> Normally this is meant to load in an iframe.  We want to decrypt this
> response to direct a VNC client to the appropriate host / port / user /
> pass and bypass use of the console proxy VM.  The key and iv appear to be
> stored in the configuration table under the names security.encryption.key
> and security.encryption.iv, but as they are hidden we cannot get these
> credentials via the listConfigurations endpoint as-is.  So my question is:
> What would be the most appropriate way to open up the possibility of
> showing “hidden” configuration items via this API to our middleware?  Some
> sort of entry in a config file somewhere?  An entry in the configuration
> table itself?  Or is there some other way to get this information I’m
> looking for?
Just tested:

mysql> update configuration set category='Secure' where name in
('security.encryption.iv', 'security.encryption.key');

(default) > list configurations name=security.encryption.iv

count = 1



| category |          name          |         value          |
description       |


|  Secure  | security.encryption.iv | <REMOVED FOR SECURITY> | base64
encoded IV data |



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message