Many cloud platforms provide a secrets manager. It sets up env variables with secrets you need.
Noury

On Jan 17 2024, at 12:55 pm, Norbert Hartl <norb...@hartl.name> wrote:
>
> > On 17.01.2024 at 12:31, Richard O'Keefe <rao...@gmail.com> wrote:
> >
> > Back in the days when an entire department would share something like
> > a VAX and think themselves
> > lucky, the advance was never to let secrets *rest* in your address
> > space any longer than you had to.
> > Bring the secret into memory just the instant before you need it, use
> > it, then scrub that area of
> > memory. You might want to put the credentials on a thumb drive which
> > is plugged in only when needed,
>
> the example is about cloud servers. So we can rule out thumb drives easily ;)
> Scrubbing memory is only useful if you don’t need access at random which the
> example sounds like.
>
> > I've generally found it better for environment variables to contain
> > file names pointing to configuration
> > files than to have them hold the configuration information directly.
>
> If you use files you have just one more thing where you can screw up things
> like file permissions. And the question is where does the file come from?
> Especially if you use something like docker with ephemeral containers.
>
> Norbert
>
> > On Wed, 17 Jan 2024 at 22:31, Norbert Hartl <norb...@hartl.name> wrote:
> >>
> >>> On 17.01.2024 at 05:27, sergio ruiz <sergio....@gmail.com> wrote:
> >>>
> >>> Hi, all.
> >>>
> >>> One of my projects logs in to Spaces (Digital Ocean’s version of S3). I
> >>> need to be able to access the credentials, but I don’t want to store them in
> >>> the source code, as I will be using Github to store the projects.
> >>>
> >>> Is there an accepted way to do this (encryption)?
> >>>
> >>> Should I store them on the system as environment variables? is this
> >>> efficient?
> >>
> >> One of the usual ways especially on unix systems is to hand credentials
> >> in via the process environment. If you execute
> >>
> >> OSEnvironment current at: 'SHELL'
> >>
> >> in a playground you should see something like '/bin/bash'. So when starting
> >> the process you just need to specify the environment variables so that
> >> pharo can access it. If you use docker there is a way to specify that
> >> easily.
> >>
> >> Norbert
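
The two approaches discussed in this thread (handing credentials to the process through its environment, and keeping them in a file whose permissions can go wrong) can be combined in a small launcher that refuses a credentials file unless it is private. This is an added example, not code from any of the posters; the variable names SPACES_KEY and SPACES_SECRET and the KEY=VALUE file layout are assumptions.

```shell
#!/bin/sh
# Added example. SPACES_KEY / SPACES_SECRET and the file layout are assumptions.

# Export KEY=VALUE pairs from a credentials file into the current shell,
# but only if the file is a private regular file owned by the caller.
load_secret_env() {
    file=$1
    # ls -ld prints the type and mode first, e.g. "-rw-------".
    # Require: regular file (not a symlink), owner-readable, no group/other bits.
    case "$(ls -ld -- "$file" 2>/dev/null)" in
        -r??------*) ;;
        *) echo "refusing $file: not a private regular file" >&2; return 1 ;;
    esac
    [ -O "$file" ] || { echo "refusing $file: not owned by this user" >&2; return 1; }

    # Parse the file instead of sourcing it, so it cannot run commands.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;            # blank line or comment
            *=*) ;;
            *) echo "refusing $file: line without '='" >&2; return 1 ;;
        esac
        key=${line%%=*}      # text before the first '='
        value=${line#*=}     # everything after it, kept verbatim
        case "$key" in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "refusing $file: invalid variable name" >&2; return 1 ;;
        esac
        export "$key=$value"
    done < "$file"
}

# Run a command with the secrets in its environment only.
# The subshell keeps the values out of the calling shell.
run_with_secrets() {
    secrets_file=$1
    shift
    ( load_secret_env "$secrets_file" && exec "$@" )
}
```

Call it as `run_with_secrets /path/to/creds.env` followed by the command that starts the image; inside Pharo the values are then read with `OSEnvironment current at:` as in the thread.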