Rita via plug on 11 Jan 2024 05:54:21 -0800 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
Re: [PLUG] secure variables in bash |
Isn’t the usual way to have the process read it from a file or environment variable? How can you hide it if you put it into the command line?Thanks,Aaron___________________________________________________________________________On Thu, Jan 11, 2024 at 8:46 AM Rita via plug <plug@lists.phillylinux.org> wrote:The root process can have the password, thats OK. Someone else on the same system (ps, /proc/) shouldn't be able to see it.On Wed, Jan 10, 2024 at 9:48 PM K.S. Bhaskar via plug <plug@lists.phillylinux.org> wrote:It seems to me that the big question when it comes to keeping secrets is who you want to share it with, and importantly, who you want to keep it from. A root process? Someone on another system who might see it on a core dump?Regards– Bhaskar___________________________________________________________________________On Wed, Jan 10, 2024 at 8:18 PM Rita via plug <plug@lists.phillylinux.org> wrote:I am hoping there is a clever, unix-y way to do this.___________________________________________________________________________I have something like this,secret=$(curl https://server/api/creds | jq .Secret)process --secret=$secretThis works fine, but I was wondering if there was a better way to secure my "secret" with tools like ssh, gpg, etc..My intention is to avoid seeing secret from `ps` or `bash -x`. It seems deceptively simple but quite hard to do.Any ideas?----- Get your facts first, then you can distort them as you please.--
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
----- Get your facts first, then you can distort them as you please.--___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug