Menu
Just wondering if there is any way to secure the environment variables in a *nix system such that they can not be read from any plain text file, but is available in the environment.
I know we can always use filesystem level permissions for .bashrc/.bash_profile, but what if certain variables (like db passwords) are to be hidden completely?
One way to do would be to write some sort of program/perl script to:
Is there any other better and more obvious way to achieve this?
Thanks!
-Gaurav
253
To make the change permanent, enter the command PATH=$PATH:/opt/bin into your home directory's . bashrc file. When you do this, you're creating a new PATH variable by appending a directory to the current PATH variable, $PATH .
Encrypto-env is a cli tool that makes it easy to setup, encrypt, and access environment variables for your personal projects. To encrypt the . env file, an RSA key is used (stored in a pem file). The user can then access the environment variables by specifying the location of the .
Environment variables are more secure than plaintext files, because they are volatile/disposable, not saved; i.e. if you set only a local environment variable, like "set pwd=whatever," and then run the script, with something that exits your command shell at the end of the script, then the variable no longer exists.
The good practice is to store them in the ConfigVars: they are separated from the code and are 'safe' in case someone gains access to the files of the application. Locally it is ok to use . env (with the package dotenv) but the file is typically never pushed or stored with the application.
No way. Even if you hide it from text file, it is still available from /proc/<pid>/environ (linux) or ps e (other unix).
181
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
