How to obfuscate the data in Nginx configuration?

Asked Nov 20 '19 at 10:38

Active Nov 20 '19 at 10:38

Viewed 435 times

in Nginx.conf I'm using below code

    # Set OAuth Client details
    set $client_id nginx_client;
    set $client_secret nginx_secret;

Is there any way to obfuscate or hide the above hard-coded variables without using any external libraries for more secure way of defining those variables.

asked Nov 20 '19 at 10:38

Sarvesh Gupta

you can try use environment variables: https://stackoverflow.com/questions/21866477/nginx-use-environment-variables – Marc Sances Nov 20 '19 at 10:44
@MarcSances Will that be a secure way? This is basically OAuth credentials we're talking about – Sarvesh Gupta Nov 21 '19 at 08:51
If you don't have any arbitrary code execution risk (where environment variables may be accessable), and your production server is properly secured to prevent unauthorized access, this is the common approach so that the credentials are not in plain. How you set this variables is what will pose a risk. The idea is that you can have the configuration stored in some code repository to keep track of it, and set the environment variables in a protected script in your production server. – Marc Sances Nov 21 '19 at 09:09

How to obfuscate the data in Nginx configuration?

0 Answers0