Details
-
Improvement
-
Resolution: Fixed
-
Critical
-
None
-
Security Level: Public
-
None
-
CBG Sprint 137
-
1
Description
Config environment variable expansion is always enabled and works for:
- Legacy config file
- Startup config file (bootstrap)
- Persistent database config (REST API)
The last one can be problematic, because remote administrators can define the configuration without access to the machine running Sync Gateway, unlike the first two.
Add a bootstrap config option to disable env var expansion for persistent database configs / database configs via REST API.
We cannot easily prevent env var expansion for legacy/startup config files, because the option to disable it would be inside the config itself, and is less of an issue when considering the access required to write the bootstrap config file.