all InfoSec news
How to harden secret security when passed to processes via files or environment variables?
Dec. 16, 2023, 4:22 p.m. | /u/pbeucher
cybersecurity www.reddit.com
I'm looking for ways to securely pass secrets to processes. I wrote [Novops](https://github.com/PierreBeucher/novops), a secret and configuration tool fetching secrets from secret managers like Hashicorp Vault and passing them onto processes like Ansible or Terraform. These "client" processes expect secrets as files or environment variables (eg. [Ansible `ANSIBLE_VAULT_PASSWORD_FILE`](https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_VAULT_PASSWORD_FILE)).
Novops idea is to only keep secrets for as long as they're needed (instead of permanently storing them in git-ignored files, under `$HOME` directory or as CI variables) and …
cybersecurity directory environment files git hello home memory party processes protect secret secrets security third third-party under
More from www.reddit.com / cybersecurity
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Senior Software Engineer, Security
@ Niantic | Zürich, Switzerland
Consultant expert en sécurité des systèmes industriels (H/F)
@ Devoteam | Levallois-Perret, France
Cybersecurity Analyst
@ Bally's | Providence, Rhode Island, United States
Digital Trust Cyber Defense Executive
@ KPMG India | Gurgaon, Haryana, India
Program Manager - Cybersecurity Assessment Services
@ TestPros | Remote (and DMV), DC