Add support to get rid of plaintext password in property file (Oxalis.conf).

[jaskiratsingh1792]

"oxalis.conf" contains passwords as plain text, which makes the application vulnerable as someone having access to the system can read/modify it.
eg.
oxalis.keystore {
path="xxxx/xxxxxx.jks"
password = "xxxxxabc"
key.alias = cert
key.password = "xxxxxabc"
}

As this appears to be a security vulnerability, can we expect an alternate approach/solution for it ?

[seciq]

@jaskiratsingh1792 The support is already there and you can pass secrets through environment variables.

Here is an example of oxalis.conf where the secret is passed through OXALIS_KEYSTORE_PASSWORD environment variable:

...
oxalis.keystore.path = oxalis-test.p12
oxalis.keystore.password = ${?OXALIS_KEYSTORE_PASSWORD}
oxalis.keystore.key.alias = cert
oxalis.keystore.key.password = ${?OXALIS_KEYSTORE_PASSWORD}
..

More details

Oxalis is using the com.typesafe.config.ConfigFactory to load the configuration. Here is the official documentation for config overrides.