The Nuxeo Platform has many configuration files with credentials hardcoded in clear text (not just in nuxeo.conf but also in specific configuration files), for example:
- Configuration/Credentials related to MongoDB
- Configuration/Credentials related to LDAP
- Configuration/Credentials related to Oracle
- Configuration/Credentials for Mail/SMTP
- etc.
As per the Bank standards, this is not allowed, and all these credentials must be maintained in a secure secrets store for secure authentication, such as CyberArk Vaults.
Currently Nuxeo doesn't support CyberArk or any other solution developed for maintaining credentials in a secure way, like Azure Key Vault, HashiCorp, etc.
In order to make Nuxeo compliant with Bank standards, a solution to integrate Nuxeo with CyberArk needs to be developed.
The new service for using a secure secrets store should allow different implementations.
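One possible shape for such a pluggable service, as an added sketch that is not Nuxeo code: the `SecretProvider` interface, the `${secret:<scheme>:<path>}` reference syntax, the `demo` scheme and the sample path are all hypothetical, and the in-memory map stands in for a real vault client. It assumes Java 9 or later.

```java
import java.util.*;
import java.util.regex.*;

public class SecretResolverDemo {
    // Hypothetical SPI: one implementation per secrets store (CyberArk, Azure Key Vault, ...).
    interface SecretProvider {
        String scheme();                     // prefix used in config references
        Optional<String> fetch(String path); // empty when the store has no such secret
    }

    // Resolves ${secret:<scheme>:<path>} references (constructed syntax) at load time.
    static final class SecretResolver {
        private static final Pattern REF = Pattern.compile("\\$\\{secret:([a-z0-9]+):([^}]+)\\}");
        private final Map<String, SecretProvider> providers = new HashMap<>();

        SecretResolver(List<SecretProvider> available) {
            for (SecretProvider p : available) providers.put(p.scheme(), p);
        }

        String resolve(String value) {
            Matcher m = REF.matcher(value);
            StringBuilder out = new StringBuilder();
            while (m.find()) {
                String scheme = m.group(1), path = m.group(2);
                SecretProvider p = providers.get(scheme);
                // Fail closed: never fall back to the literal text or an empty password.
                if (p == null) throw new IllegalStateException("no provider for scheme " + scheme);
                String secret = p.fetch(path).orElseThrow(
                        () -> new IllegalStateException("secret not found: " + scheme + ":" + path));
                m.appendReplacement(out, Matcher.quoteReplacement(secret));
            }
            return m.appendTail(out).toString();
        }
    }

    public static void main(String[] args) {
        // Constructed in-memory backend standing in for a real vault client.
        Map<String, String> vault = Map.of("nuxeo/ldap/bind", "s3cr3t-from-vault");
        SecretProvider demo = new SecretProvider() {
            public String scheme() { return "demo"; }
            public Optional<String> fetch(String path) { return Optional.ofNullable(vault.get(path)); }
        };
        SecretResolver resolver = new SecretResolver(List.of(demo));

        // Constructed property value: the file holds a reference, not the credential.
        String configured = "${secret:demo:nuxeo/ldap/bind}";
        String password = resolver.resolve(configured);
        System.out.println("resolved " + password.length() + " chars (value not logged)");
    }
}
```

With this shape the configuration files carry only references, and a missing provider or secret stops startup instead of silently yielding an empty or literal password.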