MirthSync and Source Control

[michaeljeffreycollins]

Hello Community,

At my hospital we are using mirthsync to push and pull all the configuration for our channels into a directory structure. But the issue we have run into is that every single password field stored in the xml channel config files are in plaintext. Every source connection to a database, web service, and SFTP just has the user/password right there for anyone with access to see. It gets even worse in the javascript files as they have the configuration variable which is just stored in a different file but also in plain text.

Is there some method we can use to mask, replace, token exchange with all these configuration files to make storing the code more secure?

[morgan-saga]

Hello Michael, currently the recommended method is manual review and redaction of sensitive information from each commit. Of course, if you store passwords in the configuration map, set the configuration map to be stored in the database via the mirth.properties file, and then leverage configuration map variables for credentials this will significantly cut down on the need for redactions. Additionally, the config map can be exported and stored in a password safe or another secure method.

Alternatively, we have discussed a code based review/redaction feature but it is not currently in our development pipeline. If this is something you would like prioritized, please reach out and we can discuss further.