Skip to content
This repository has been archived by the owner on Nov 14, 2021. It is now read-only.

[Question] Is this a valid and safe approach? #8

Open
Skeeve opened this issue Sep 28, 2020 · 0 comments
Open

[Question] Is this a valid and safe approach? #8

Skeeve opened this issue Sep 28, 2020 · 0 comments

Comments

@Skeeve
Copy link

Skeeve commented Sep 28, 2020
edited

Some programs accept credentials in environment Variables.

My approach is described below.

My question: Is this a valid and safe approach?

  1. Create an encrypted string of the environment settings:

    sshcrypt agent-encrypt <<HERE
export USERNAME=username
export PASSWORD=password
HERE

  2. Different approaches possible
    a. Put it into a file mycredentials like this

$( sshcrypt agent-decrypt <<'EOF'
THE CRYPTED STRING HERE
EOF
)

source that file when the credentials are required

source ~/mycredentials
programs requiring credentials

b. Put a credentials-variable into your shell-startup

MY_CREDENTIALS='THE CRYPTED STRING HERE'

Decrypt when required:

$( sshcrypt agent-decrypt <<<$MY_CREDENTIALS )
programs requiring credentials
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Skeeve