Obfuscating password LDAP AD

Question

I have my parameters in a properties file.

managerDn=cn=read-only-admin,dc=example,dc=com
managerPassword=69BPoqG3sWr/MNspi4ZsDw==
server=ldaps://server.local:636
groupSearchBase=ou=test,dc=example,dc=com
base=dc=example,dc=coms

My password is encrypted, but the client told me: all you have done is encrypt the password and we need it Obfuscating ie making so that no one can read it.

Any idea?

Answer 1

Maybe the best option is to base64 encode the entire property file. It's not encryption but and more "obfuscation". To do this you could do something like this:

//encode:
def encoded = file.text.bytes.encodeBase64().toString()

//decode:
def password = new String(file.text.decodeBase64())

Your property file would like this:

bWFuYWdlckRuPWNuPXJlYWQtb25seS1hZG1pbixkYz1leGFtcGxlLGRjPWNvbQ0KbWFuYWdlclBhc3N3b3JkPTY5QlBvcUczc1dyL01Oc3BpNFpzRHc9PQ0Kc2VydmVyPWxkYXBzOi8vc2VydmVyLmxvY2FsOjYzNg0KZ3JvdXBTZWFyY2hCYXNlPW91PXRlc3QsZGM9ZXhhbXBsZSxkYz1jb20NCmJhc2U9ZGM9ZXhhbXBsZSxkYz1jb21z

here is a link that might help with base64 in Groovy.

NOTE: This really doesn't make anything more secure it's just hiding the plain text. Anyone that knows what they're looking at would decode it the same way you would. It would seem your client isn't familiar with this type of security. There are more secure ways of doing this. You may want to look into salting the actual encryption process or using a token exchange with another service to give you the password.