Plain text token in config!
bouvierh
nginx-forum at forum.nginx.org
Thu Apr 8 18:58:01 UTC 2021
Hello!
I currently use Nginx as a reverse proxy for my backend services.
Nginx authenticates itself to the backend services using a Token that is
generated by a process every 10 minutes and that process is writing the
token in the config file and reloading nginx regularly:
location / {
proxy_set_header Authorization "PLAIN TEXT TOKEN WRITTEN BY PROCESS";
proxy_pass https://backend;
}
I would like to avoid having a token in plain text. Is there a way to avoid
that?
I though of the following options:
- Use env var: But that is impossible nginx doesn't support it
- Query the token by having the process establish a local server. Could work
but how can the process return the result as a variable to nginx?
- Pass the config in memory instead of writing it to a file. Could be a
simple option but I didn't find a way to do that.
Do you have any idea how I can achieve that?
Thank you!
Hugues
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291202,291202#msg-291202
More information about the nginx
mailing list