Initial prototype of encrypted secure.config

This initial version is a pure copy of the Gerrit DefaultSecureStore,
which contains the basic structure of the plugin and the associated
documentation.

Main purpose of this commit is to demonstrate that we can build
the plugin, install on Gerrit /lib, configure and have it fully
working with a secure.config file.

Change-Id: I60e4754a7fc2826362784c25ca59305c43015ff5
5 files changed
tree: 8ad2e883c7a1c404426b22092a0778c6db205794
  1. src/
  2. BUCK
  3. BUILD
  4. LICENSE
  5. README.md
README.md

Secure Config plugin

Encrypt all the values contained in the Gerrit's secure.config.

How to build

Clone the secure-config plugin into a Gerrit source tree under the directory plugins/secure-config, and then run:

   $ buck build plugins/secure-config

Resulting plugin jar is generated under /buck-out/gen/plugins/secure-config/secure-config.jar

How to install

Differently from the other plugins, secure-config needs to be copied to the /lib directory of Gerrit installation.

Example:

   $ cp buck-out/gen/plugins/secure-config/secure-config.jar $GERRIT_SITE/lib/

How to configure

Add the gerrit.secureStoreClass configuration entry in gerrit.config to instruct Gerrit to use the secure-store plugin for the encryption and decryption of all values contained in your secure.config file.

Example:

   $ cat - >> $GERRIT_SITE/etc/gerrit.config
   [gerrit]
     secureStoreClass = com.googlesource.gerrit.plugins.secureconfig.SecureConfigStore
   ^D