i running server provisioning big bash file, not sure how handle passwords , other similar sensitive information. @ point have lots of environmental variables, etc:
export home=/home/deployer export dbuser=happy export dbpass=pass export amazonkey=akiaiwdgw3kdy2tz7pvya
and afterwards use these values, etc $dbuser anywhere want. if unfortunate event gain access server, running "printenv" gain passwords. best strategy have centralized place or strategy managing sensitive information?
create os user application
store environment variables user only
run application user
other users/programs won't able see environment variables (except root)
Comments
Post a Comment