K.S. Bhaskar via plug on 10 Jan 2024 18:48:47 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] secure variables in bash

It seems to me that the big question when it comes to keeping secrets is who you want to share it with, and importantly, who you want to keep it from. A root process? Someone on another system who might see it on a core dump?

Regards
– Bhaskar

On Wed, Jan 10, 2024 at 8:18 PM Rita via plug <plug@lists.phillylinux.org> wrote:
I am hoping there is a clever, unix-y way to do this. 

I have something like this, 

secret=$(curl https://server/api/creds | jq .Secret)
process --secret=$secret

This works fine, but I was wondering if there was a better way to secure my "secret" with tools like ssh, gpg, etc..

My intention is to avoid seeing secret from `ps` or `bash -x`.  It seems deceptively simple but quite hard to do.

Any ideas?




--
--- Get your facts first, then you can distort them as you please.--
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug