Clear questions and runnable code get the best and fastest answer |
|
PerlMonks |
Re: Accessing passwords in a scriptby davido (Cardinal) |
on Mar 25, 2017 at 21:07 UTC ( [id://1185958]=note: print w/replies, xml ) | Need Help?? |
Vault, by Hashicorp is a great solution nowadays. There's still a bit of a chicken/egg issue though. Eventually an application needs a way to store password it can use to authenticate, either with the individual services it connects to, or with a single service such as Vault which then provides credentials to use with the other individual services. One fairly common practice is to have a non-committed config file that has to be manually installed on the box that runs your code. It's not committed to any repository. If someone pwns the box they'll get the password/token/etc. But you would have bigger problems by then anyway. The biggest problem with this practice is that someone always forgets and commits the special config file, and then everything in it needs to be rotated again. Dave
In Section
Seekers of Perl Wisdom
|
|