You have envchain to store secrets as ENV variables in your keyring and execute commands:
https://github.com/sorah/envchain
Not really something you would use for production web apps, I think envconsul covers that use case:
https://github.com/hashicorp/envconsul
AIX 5.2? That was EOL 2008, it seems hardly worth warning about these days.
https://github.com/mobile-shell/mosh/issues/156#issue-407789...
Sidenote: I really like the cookie consent form on this site. It's unobtrusive, clear, opt-out by default and the highlighted and only button is "Continue to site". Bravo to https://www.clym.io/
Nice article, covers the basics well. Credential files seem like the simplest way to go and are secure enough for most local uses. For anything more involved a secrets manager is probably required. I've been using Linux for a long time and hadn't heard about `keyctl`, thanks for mentioning it. A more flexible solution might be https://github.com/mozilla/sops
.NET (and PowerShell) have something similar. Interestingly, Microsoft recommends not using them. https://github.com/dotnet/platform-compat/blob/master/docs/D...
I assume by certs and Windows auth they're implying the OS native stuff versus just passing those around in code, instead.
The difficulties mentioned in the article with passing secrets on the command line are one of the reasons why we wrote encpass.sh (https://github.com/plyint/encpass.sh). We had a similar need for a lightweight solution for managing secrets for simple shell scripts on our local workstations and in restricted environments. Bonus, it can be easily customized with extension scripts to adapt functions for your own specific needs. See our keybase extension for an example -> https://github.com/plyint/encpass.sh/blob/master/extensions/...
I defer to using AWS SSM to retrieve secrets https://github.com/kaihendry/dotfiles/blob/master/bin/ssm
But yeah, reading secrets off env or ps or the clipboard is a real issue, so I focus on making sure that doesn't leak.
I've made terrible mistakes leaking /proc accidentally in my Web app https://github.com/securego/gosec/issues/569
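The two points raised in this thread, launching a subprocess with secrets in its environment (the envchain/envconsul idea above) and secrets being readable via env, ps and /proc (the comment just above), as an added example that is not code from any commenter or from either project. The helper name `with_secrets` and the KEY=VALUE file format are assumptions made for this example.

```shell
# Added example (not from the thread or from envchain/envconsul): a minimal
# envchain-style wrapper.  It loads KEY=VALUE secrets from a file that must
# not be group/world-readable and injects them into ONE child process rather
# than the interactive shell.  Secrets travel through the child's environment,
# never argv, so `ps` cannot show them.  Caveat from the thread: a process
# running as the same user (or root) can still read the child's
# /proc/<pid>/environ, so this is a local-workstation convenience, not a
# boundary against a compromised account.

# with_secrets FILE CMD [ARGS...]   (hypothetical helper name)
with_secrets() {
  [ $# -ge 2 ] || { echo "usage: with_secrets FILE CMD [ARGS...]" >&2; return 2; }
  file=$1; shift
  [ -f "$file" ] || { echo "with_secrets: $file not found" >&2; return 1; }

  # Refuse a secrets file readable by group or others (POSIX find -perm).
  if [ -n "$(find "$file" -perm -g+r -o -perm -o+r)" ]; then
    echo "with_secrets: $file is group/world readable; chmod 600 it" >&2
    return 1
  fi

  # Prepend each validated KEY=VALUE line to the argument list for env(1).
  # The loop runs in the current shell (redirection, not a pipe), so the
  # 'set --' changes persist until the function returns.
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in ''|'#'*) continue ;; esac          # skip blanks/comments
    case $line in
      *=*) key=${line%%=*} ;;
      *) echo "with_secrets: no '=' in line '$line' of $file" >&2; return 1 ;;
    esac
    case $key in                                       # POSIX-safe var name
      ''|[0-9]*|*[!A-Za-z0-9_]*)
        echo "with_secrets: invalid variable name '$key' in $file" >&2
        return 1 ;;
    esac
    set -- "$line" "$@"
  done < "$file"

  # Do not leave the last secret line behind in the caller's shell variables.
  unset line key

  # env(1) applies the assignments to the child only; the caller's own
  # environment is untouched.
  env "$@"
}
```

Run it as `with_secrets ~/.secrets/app.env ./deploy.sh`; the secrets file should be created with `umask 077` so it is 0600 from the start.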