fvosberg

Reputation: 697

Store passwords in Ruby script

I wrote a helper script in Ruby to handle my file synchronization through some servers. It was used only in my intranet and authentication was made by SSH keys. But now I want to use it where I can't use SSH keys and I want to store the passwords in a config file.

I know, there are some encryption libraries like bcrypt or OpenSSL, but I have a problem with that:

  1. I start my script and enter my passphrase and it is stored in a variable to decrypt my passwords.
  2. My code is open source.

So everybody, who has access with my user to my computer (which would be the first barrier, which I'd like to extend) and looks into the memory (where my passphrase is stored) can decrypt my password file. How is that handled in applications which are relevant to security?

Edith says as a reply to DevDude (but here, because I want to keep my specifications in my question): But then this configuration file would be plain text and not encrypted. And when I encrypt this file there are two more issues in my opinion:

  1. The super_secret_pwd would be stored in a variable, so when I would search in the memory of the computer, I would find it, wouldn't I?
  2. The master password for encryption would be in the memory as plain text, too.

So the big question is: Is it possible to read plain text variables from the memory? As far as I know, it is possible in C and a big security issue.

Upvotes: 3

Views: 1380

Answers (1)

SomeDudeSomewhere

Reputation: 3940

What you are looking for is to use a YAML file with the password/API keys, and never check this file into your repo.

Then you can reference this file on your initializers, and maybe make the password a global variable or x, use configatron, etc.

This is basically how production applications work, they read their important settings from a YAML file stored on the server itself.

This is what I use:

```ruby
require 'yaml'
require 'configatron'

@c = configatron

# Per-environment settings, read from a file that is kept out of the repo
app_settings = YAML.load_file('config/secret_stuff.yml')

@c.password = app_settings['super_secret_pwd']
```

Do not use ENVIRONMENT variables because they have all sorts of security issues. They are an antipattern.

Upvotes: 2
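
An added example, not part of the question or the answer above: one way to keep the secrets file encrypted at rest with the OpenSSL library the question mentions, deriving the key from the passphrase entered at startup. The `SecretStore` module, its method names, the PBKDF2 iteration count and the sample secret are assumptions made for illustration.

```ruby
require 'openssl'
require 'yaml'

# Added example; SecretStore and its method names are hypothetical.
module SecretStore
  ITERATIONS = 200_000 # assumed PBKDF2 work factor, tune for your hardware

  # Derive a 256-bit key from the passphrase with PBKDF2-HMAC-SHA256.
  def self.derive_key(passphrase, salt)
    OpenSSL::KDF.pbkdf2_hmac(passphrase, salt: salt, iterations: ITERATIONS,
                                         length: 32, hash: 'sha256')
  end

  # Encrypt a hash of secrets with AES-256-GCM; returns YAML text for the file.
  def self.seal(secrets, passphrase)
    salt = OpenSSL::Random.random_bytes(16)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = derive_key(passphrase, salt)
    iv = cipher.random_iv
    data = cipher.update(YAML.dump(secrets)) + cipher.final
    fields = { 'salt' => salt, 'iv' => iv, 'tag' => cipher.auth_tag, 'data' => data }
    YAML.dump(fields.transform_values { |v| [v].pack('m0') }) # base64 each field
  end

  # Decrypt; raises OpenSSL::Cipher::CipherError on a wrong passphrase or tampering.
  def self.unseal(sealed_yaml, passphrase)
    f = YAML.safe_load(sealed_yaml).transform_values { |v| v.unpack1('m0') }
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = derive_key(passphrase, f['salt'])
    cipher.iv = f['iv']
    cipher.auth_tag = f['tag']
    plain = cipher.update(f['data']) + cipher.final
    YAML.safe_load(plain.force_encoding('UTF-8'))
  end

  # Write the sealed text and restrict the file to its owner (mode 0600).
  def self.write(path, sealed_yaml)
    File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) do |io|
      io.chmod(0o600) # also tightens a file that already existed
      io.write(sealed_yaml)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample secret and passphrase, for demonstration only.
  sealed = SecretStore.seal({ 'super_secret_pwd' => 'example-only' }, 'demo passphrase')
  puts sealed
  puts SecretStore.unseal(sealed, 'demo passphrase').inspect
end
```

This protects the file on disk only: the passphrase and the decrypted values are still held in the Ruby process's memory while the script runs.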
