Read shared secret from environment variable.

src/main/java/benchly/Benchly.java

@@ -42,6 +42,8 @@ public class Benchly {
 
 	private static final Logger LOG = LoggerFactory.getLogger(Benchly.class);
 
+	private static final String SHARED_SECRET_ENV_NAME = "BENCHLY_SHARED_SECRET";
+
 	// a route that can be mapped to all request not handled by other Routes
 	private static Route notFoundRoute = (request, response) -> {
 		String msg = String.format("404 Not found: %s %s", request.requestMethod(), request.pathInfo());
@@ -159,6 +161,14 @@ public static void main(String[] args) {
 		LOG.debug("Startup finished.");
 	}
 
+	public static boolean sharedSecretIsAvailable() {
+		return StringUtils.isNotEmpty(readSharedSecret());
+	}
+
+	public static String readSharedSecret() {
+		return System.getenv(SHARED_SECRET_ENV_NAME);
+	}
+
 	public static String getJdbcUrl() {
 		return jdbcUrl;
 	}

src/main/java/benchly/model/StorageConfig.java

@@ -13,6 +13,8 @@
 import com.j256.ormlite.field.ForeignCollectionField;
 import com.j256.ormlite.table.DatabaseTable;
 
+import benchly.error.InvalidRequestException;
+
 @DatabaseTable(tableName = "storage_config")
 public class StorageConfig extends Model {
 
@@ -179,12 +181,12 @@ public ForeignCollection<StorageFileMeta> getFilesMeta() {
 		return this.filesMeta;
 	}
 
-	public StorageCredential generateNewEncryptedCredential() {
+	public StorageCredential generateNewEncryptedCredential() throws InvalidRequestException {
 		this.encryptedCredential = new StorageCredential(this.credential);
 		return this.encryptedCredential;
 	}
 
-	public StorageCredential getEncryptedCredential() {
+	public StorageCredential getEncryptedCredential() throws InvalidRequestException {
 		if (this.encryptedCredential == null) {
 			return this.generateNewEncryptedCredential();
 		} else {

src/main/java/benchly/model/StorageCredential.java

@@ -15,15 +15,17 @@
 
 import com.google.gson.annotations.Expose;
 
-import benchly.database.TestEntrySetup;
+import benchly.Benchly;
+import benchly.error.InvalidRequestException;
 
 /**
- * This handles how a storage credential may be exposed to the outside world. (By encrypting
- * the actual credential alongside a salt that was used to generate an appropriate key for
- * the encryption. The shared secret is only used indirectly to generate the encrypted credential.)
+ * This handles how a storage credential may be exposed to the outside world.
+ * (By encrypting the actual credential alongside a salt that was used to
+ * generate an appropriate key for the encryption. The shared secret is only
+ * used indirectly to generate the encrypted credential.)
  */
 public class StorageCredential {
-	
+
 	private static final Logger LOG = LoggerFactory.getLogger(StorageCredential.class);
 
 	@Expose(deserialize = false)
@@ -32,15 +34,20 @@ public class StorageCredential {
 	@Expose(deserialize = false)
 	private String salt;
 
-	protected StorageCredential(String plainCredential) { 
-		char[] sharedSecret = TestEntrySetup.THE_SHARED_SECRET.toCharArray();
+	protected StorageCredential(String plainCredential) throws InvalidRequestException {
+		if (!Benchly.sharedSecretIsAvailable()) {
+			throw new InvalidRequestException("This server is not configured to generate encrypted credentials.");
+		}
+
+		char[] sharedSecret = Benchly.readSharedSecret().toCharArray();
 		int keySize = 256;
 		int iterations = 60000;
-		
+
 		// generate a salt
 		byte[] saltBytes = (new SecureRandomNumberGenerator()).nextBytes().getBytes();
-
-		// generate a key from from the salt and the shared secret suitable for encryption 
+
+		// generate a key from from the salt and the shared secret suitable for
+		// encryption
 		PBEKeySpec pbe = new PBEKeySpec(sharedSecret, saltBytes, iterations, keySize);
 		Key key;
 		try {
@@ -65,7 +72,5 @@ public String getEnryptedCredential() {
 	public String getSalt() {
 		return salt;
 	}
-
-
 
 }