Our customer has asked us to import files from a network drive to Ignition to process.
I initially followed the documentation (linked here) to map a network drive successfully, however the customer cyber team have complained about the plaintext password in the ignition.conf wrapper file.
Has anyone had any success using a hashed/encrypted password in the wrapper, or alternatively retrieving it from a more secure location to be used in the wrapper?
An initial search through forums, etc has not come back with anything useful for me so far and Iām a bit stumped.
If they aren't available at boot, they won't magically connect later. If they connect then break, they won't reconnect. They'll be broken until you restart the service.
Aside from the password exposure, they are just a terrible idea.
Set your service to run as a user that has appropriate network privileges. Use UNC paths everywhere in Ignition where you were hoping to use the mapped drive.
In addition to this, when setting up the user to use for the service it hardens your install. There's also a CVE detailing a vulnerability with using the default SYSTEM account that has additional hardening recommendations.