bash - What is the best password management practice while on server (ubuntu) -


i running server provisioning big bash file, not sure how handle passwords , other similar sensitive information. @ point have lots of environmental variables, etc:

export home=/home/deployer export dbuser=happy export dbpass=pass export amazonkey=akiaiwdgw3kdy2tz7pvya 

and afterwards use these values, etc $dbuser anywhere want. if unfortunate event gain access server, running "printenv" gain passwords. best strategy have centralized place or strategy managing sensitive information?

create os user application

store environment variables user only

run application user

other users/programs won't able see environment variables (except root)


Comments