BLU Discuss list archive
[Discuss] securing API passwords
- Subject: [Discuss] securing API passwords
- From: richb at pioneer.ci.net (Rich Braun)
- Date: Sat, 31 Jan 2015 09:39:14 -0800
- In-reply-to: <mailman.3.1422723604.13453.discuss@blu.org>
- References: <mailman.3.1422723604.13453.discuss@blu.org>
> Postgres has the ability to do passwords, so do I just put a password in my program source? Set Postgres to only accept local connections, and hope for the best?

The config-management systems do this with encryption: take a look at Chef (encrypted data bags) and Ansible (ansible-vault). I've used each of these, and I've also rolled my own with files stored under cryptsetup and TrueCrypt.

You /can/ store the passwords/keys with your code but not in plain text. Keep your encryption keys in a place separate from your code, and protect them with 2-factor auth (a keyfile and a memorized passphrase, read up on ssh-keygen for a simple example of what I mean). If you're really paranoid, also add Google Authenticator on top of that.

Just remember: keep those plain-text passwords off the network and out of your code base.

-rich
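A check in the spirit of the advice above, as an added example that is not part of the original post: it scans a code tree for plain-text credentials, confirms that secrets files carry the ansible-vault header, and verifies that the key file sits outside the tree with owner-only permissions. The file names, the `*vault*.yml` naming convention, the regexes and the sample values are all constructed assumptions.

```python
import re
import stat
import tempfile
from pathlib import Path

VAULT_HEADER = "$ANSIBLE_VAULT;"  # first line of a file encrypted by ansible-vault
# Constructed patterns: a quoted password literal, or a password inside a postgres URL.
PLAINTEXT = [
    re.compile(r"""(?i)(password|passwd)\s*[=:]\s*['"][^'"\s]+['"]"""),
    re.compile(r"postgres(?:ql)?://[^:/\s]+:[^@\s]+@"),
]

def scan_tree(root, secret_globs=("*vault*.yml",)):
    """Return (relative_path, problem) findings; secret_globs is an assumed convention."""
    findings, root = [], Path(root)
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(errors="replace")
        if any(path.match(g) for g in secret_globs):
            if not text.startswith(VAULT_HEADER):
                findings.append((rel, "secrets file is not vault-encrypted"))
            continue  # encrypted payloads are not scanned line by line
        for n, line in enumerate(text.splitlines(), 1):
            if any(rx.search(line) for rx in PLAINTEXT):
                findings.append((rel, f"plain-text credential on line {n}"))
    return findings

def keyfile_ok(path, code_root):
    """The key must live outside the code tree and be accessible to its owner only."""
    path, code_root = Path(path).resolve(), Path(code_root).resolve()
    outside = code_root not in path.parents
    return outside and stat.S_IMODE(path.stat().st_mode) & 0o077 == 0

def demo():
    """Build a constructed sample tree; return (findings, key file verdict)."""
    with tempfile.TemporaryDirectory() as tmp:
        repo, keys = Path(tmp, "repo"), Path(tmp, "keys")
        for d in (repo, keys): d.mkdir()
        (repo / "app.py").write_text('import os\ndb_password = "hunter2"\n')
        (repo / "ok.py").write_text('import os\npw = os.environ["PGPASSWORD"]\n')
        (repo / "vault.yml").write_text("$ANSIBLE_VAULT;1.1;AES256\nconstructed\n")
        (repo / "prod_vault.yml").write_text("db_password: hunter2\n")
        key = keys / "vault.key"
        key.write_text("constructed-key\n")
        key.chmod(0o600)
        return scan_tree(repo), keyfile_ok(key, repo)

if __name__ == "__main__":
    print(demo())
```

Run as a pre-commit or CI step, a non-empty findings list is the signal to block the change.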