
Storing credentials for automated use

I've already looked around, and since I'm no security or encryption expert, I am still confused on how to implement encryption in my program. I need a server to log in to its GitHub account to update code files with special headers. The only hang-up I have right now is how to store/retrieve the server's credentials.

PushOptions push = new PushOptions
{
    Credentials =
    new UsernamePasswordCredentials
    {
        Password = "password",
        Username = "Username"
    }
};

How would I encrypt these credentials for storage? I know it's a bad idea to store them in the code like the example is, and it would be a bad idea as well to store them in any file unencrypted.

Also, the only user interaction I want occurs when they compile and set up the program on the server. It runs as a cronjob on a Linux server, in case that makes a difference. Another detail to note, I'm using libgit2sharp, but previously was using a bash script and ssh to authenticate for testing.

maliddle asked Jul 23 '14 17:07

1 Answer

The best solution I've found is simply putting them in the log file, since the server will already be password protected, and I could make it so only one user (and I guess root) would be able to read them, but few people would know the server exists, and only one should know where exactly to find them and have the credentials to do so.

Despite the lack of security, it accomplishes the purpose, and still has enough security. If someone unwanted gets the credentials, it's easy enough to reset a couple of passwords so they lose access to the GitHub account.

maliddle answered Sep 20 '22 10:09
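
The approach in the answer above (credentials kept in a file that only one user can read) only holds while the file's permissions stay tight, so the loader can check them on every run and refuse to continue otherwise. The following is an added example, not code from the original post or from the libgit2sharp project. It assumes .NET 7 or later on Linux, a hypothetical file path, and a two-line file format (username, then password); `StoredCredentials`, `Load` and `BuildPushOptions` are illustrative names.

```csharp
using System;
using System.IO;
using LibGit2Sharp;

static class StoredCredentials
{
    // Hypothetical location (assumption); created once at setup time with chmod 600.
    const string CredentialFile = "/home/deploy/.config/headerbot/credentials";

    // Any of these bits means someone other than the owner can touch the file.
    const UnixFileMode NonOwnerBits =
        UnixFileMode.GroupRead | UnixFileMode.GroupWrite | UnixFileMode.GroupExecute |
        UnixFileMode.OtherRead | UnixFileMode.OtherWrite | UnixFileMode.OtherExecute;

    public static UsernamePasswordCredentials Load(string path = CredentialFile)
    {
        if (!OperatingSystem.IsLinux())
            throw new PlatformNotSupportedException("Permission check assumes a Linux host.");

        // Fail closed: a cron job should stop rather than use a file others can read.
        UnixFileMode mode = File.GetUnixFileMode(path);
        if ((mode & NonOwnerBits) != 0)
            throw new UnauthorizedAccessException(
                $"{path} is accessible to group or others (mode: {mode}); expected 600.");

        // Assumed format: line 1 = username, line 2 = password.
        string[] lines = File.ReadAllLines(path);
        if (lines.Length < 2 || lines[0].Trim().Length == 0 || lines[1].Trim().Length == 0)
            throw new InvalidDataException(
                $"{path} must contain a username line followed by a password line.");

        return new UsernamePasswordCredentials
        {
            Username = lines[0].Trim(),
            Password = lines[1].Trim()
        };
    }

    public static PushOptions BuildPushOptions()
    {
        UsernamePasswordCredentials creds = Load();
        // libgit2sharp calls this handler when the remote asks for authentication.
        return new PushOptions
        {
            CredentialsProvider = (url, usernameFromUrl, types) => creds
        };
    }
}
```

The check covers the mode bits only; it does not verify which account owns the file.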