Encryption is mostly used to remove clear-text passwords from settings (database or SCM credentials for instance). The implemented solution is based on a symmetric key algorithm. The key point is that the secret key is stored in a secured file on disk. This file must be owned by and readable only by the system account that runs the SonarQube server, or the analysis with SonarQube Runner, SonarQube Ant Task, Maven or from the Continuous Integration server.
The algorithm is AES 128 bits. Note that a 256-bit cipher is not used because it's not supported by default on all Java Virtual Machines (see this article).
A unique secret key must be shared between all parts of the SonarQube infrastructure (server and analyzers). To generate it, go to Settings > General Settings > Security > Encryption and click on Generate secret key:
Copy the generated secret key to a file:
Store this file on the machine hosting the SonarQube server (default: ~/.sonar/sonar-secret.txt). If you want to store it somewhere else, set its path through the tKeyPath property in SONARQUBE_HOME/conf/sonar.propert
Go back to Settings > General Settings > Security > Encryption and generate the encrypted values of your settings:
Simply copy these encrypted values into SONARQUBE_HOME/conf/sonar.properties:
Restart your SonarQube server.
Copy the secret key file to the machine running the analysis.
Copy these encrypted values into the analyzer configuration file: sonar-runner.properties, settings.xml, etc. Do not forget to define the path to your secret key as well.
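The requirement that the secret key file be owned by and readable only by the account running SonarQube can be applied when the key is copied to disk and checked afterwards on each machine. The following shell functions are an added example, not part of the SonarQube documentation; the function names, the return codes and the rejection of symbolic links are assumptions made for illustration, and the check is meant to run as the account that runs the server or the analysis.

```shell
# Added example (not from the SonarQube documentation).
# install_secret_key DEST: read the key from stdin and write it to DEST so
# that it is never group- or world-readable, even for an instant.
install_secret_key() {
    dest=$1
    (
        umask 077                       # new files 0600, new directories 0700
        mkdir -p "$(dirname "$dest")" &&
        cat > "$dest" &&
        chmod 600 "$dest"               # also tightens a pre-existing file
    )
}

# check_secret_key FILE: audit the key file before starting the server or
# an analysis. Return codes (assumed for this example):
#   0 ok, 1 missing / not a regular file / symlink, 2 owned by another
#   account, 3 accessible to group or others (or executable), 4 empty.
check_secret_key() {
    key_file=$1
    [ -f "$key_file" ] && [ ! -L "$key_file" ] || return 1

    # "ls -ldn" prints the mode string and the numeric owner id.
    listing=$(ls -ldn "$key_file") || return 1
    perms=$(printf '%s\n' "$listing" | cut -c1-10)
    owner_uid=$(printf '%s\n' "$listing" | awk '{print $3}')

    # Must be owned by the account running this check.
    [ "$owner_uid" = "$(id -u)" ] || return 2

    # Owner may read (and write); nothing for group or others.
    case $perms in
        -r?-------) ;;
        *) return 3 ;;
    esac

    [ -s "$key_file" ] || return 4
    return 0
}

# Typical use, with the key pasted on stdin rather than passed as an
# argument (arguments are visible in the process list):
#   install_secret_key "$HOME/.sonar/sonar-secret.txt"
#   check_secret_key "$HOME/.sonar/sonar-secret.txt" || echo "fix key file"
```

Run the check on the SonarQube server and on every machine that runs an analysis, since the same key file is copied to each of them.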