Is it safe to keep a plain text password retrieved from a password vault (CyberArk) in - raivivan - 06-29-2023

I have an application that has an image upload feature; the images are stored on a 3rd party service which is basically an SFTP server. The credentials for accessing this storage were initially hard-coded in the Java service class itself, and to secure it, I am planning to keep the SFTP server credentials in a password vault (CyberArk) and then retrieve the credential programmatically (when the application starts up) using the CyberArk REST API and certificate auth method. After retrieving the credentials from the vault, I plan to keep the password in memory and use it for subsequent communication with the SFTP server. Is this the correct approach? Or will this still be a security risk?

Note1: this is a Java Struts2 application and deployed as a war on JBoss server.

Note2: I read in some places that it's safer to use a char array instead of a String to store a password, but not sure if that is enough.
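
An added example, not part of the original post: a Java sketch of the char array handling mentioned in Note2, where the password is fetched only when needed, passed to the caller, and overwritten afterwards. The class `TransientSecret` and the `vaultFetch` supplier are hypothetical names; the supplier stands in for the vault REST call, which is not shown.

```java
import java.util.Arrays;
import java.util.function.Consumer;
import java.util.function.Supplier;

/** Added illustration: fetch a secret on demand, use it, then wipe the char[]. */
public final class TransientSecret {

    // Hypothetical hook: in the post's design this would wrap the vault REST call.
    private final Supplier<char[]> vaultFetch;

    public TransientSecret(Supplier<char[]> vaultFetch) {
        this.vaultFetch = vaultFetch;
    }

    /** Hands the password to the caller's action and zeroes it afterwards, even on failure. */
    public void use(Consumer<char[]> action) {
        char[] password = vaultFetch.get();
        try {
            action.accept(password);
        } finally {
            // A String is immutable and could not be overwritten like this.
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) {
        // Constructed sample value standing in for the vault response.
        TransientSecret secret = new TransientSecret(() -> "example-only".toCharArray());
        final char[][] seen = new char[1][];
        secret.use(pw -> {
            seen[0] = pw; // a real caller would pass pw to the SFTP login here
            System.out.println("length during use: " + pw.length);
        });
        // The array the caller saw now holds only zero characters.
        boolean wiped = true;
        for (char c : seen[0]) {
            wiped &= (c == '\0');
        }
        System.out.println("wiped after use: " + wiped);
    }
}
```

Zeroing the array shortens how long the value sits on the heap, where a heap dump could expose it. It does not cover copies made elsewhere, for example by a library that converts the array to a String.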