Best practice for managing secrets (passwords, private keys) used by Python scripts running as daemons

Chris Angelico rosuav at gmail.com
Sat Mar 24 16:31:02 EDT 2018


On Sun, Mar 25, 2018 at 7:23 AM, Thomas Jollans <tjol at tjol.eu> wrote:
> On 24/03/18 20:41, Chris Angelico wrote:
>> On Sun, Mar 25, 2018 at 4:24 AM, Peter J. Holzer <hjp-python at hjp.at> wrote:
>>> On 2018-03-23 11:50:52 -0700, Dan Stromberg wrote:
>>>> I'd put them in a file with access to the daemon.
>>>>
>>>> Putting credentials in an environment variable is insecure on Linux,
>>>> because ps auxwwe lists environment variables.
>>>
>>> But only those of your own processes. So both methods are about equally
>>> secure: If you can become the daemon user (or root), then you can read
>>> the secret.
>>
>> If you can become the daemon user, you can do whatever the daemon user
>> can.
>
> If you're using something like SELinux, I don't think that's
> *necessarily* true (but I really don't know much about SELinux).

Me neither. Anyone here happen to know?

> Normally, though, I should think that protecting the secret with user
> isolation (e.g. by putting it into a file with the right permissions)
> should be fine.
>
> Environment variables should be fine too, but really this just moves the
> problem up one level: where does the parent process get the secret when
> it sets up the environment?

A common situation is that the secret is owned by *root*, not the
daemon process's user. So the parent process, running as root, reads
the secret into memory, then forks, drops privileges, and exec's to
the daemon with the secret in the environment.

ChrisA
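
The launcher pattern described in the last paragraph above, as an added example that is not part of the original message or of any poster's code: a parent reads a secret file that only it can access, forks, drops privileges, and execs the daemon with the secret in a minimal environment. The names `DAEMON_SECRET`, `read_secret`, `child_env` and `launch`, and the fixed `PATH`, are assumptions made for illustration.

```python
import os
import pwd
import stat

SECRET_ENV = "DAEMON_SECRET"  # assumed variable name, not from the thread


def read_secret(path, max_len=4096):
    """Read a secret file, refusing one that other users could read or replace."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # do not follow a symlink
    try:
        st = os.fstat(fd)  # check the opened file itself, not the path (no race)
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError(f"{path}: not owned by the launching user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{path}: accessible to group or others")
        return os.read(fd, max_len).decode().strip()
    finally:
        os.close(fd)


def child_env(secret):
    """Minimal environment for the daemon: nothing inherited from the parent."""
    return {"PATH": "/usr/bin:/bin", SECRET_ENV: secret}


def launch(argv, secret_path, run_as=None):
    """Fork, drop to account `run_as` (requires root), exec argv; return child pid.

    run_as=None skips the drop and exists only to try the code unprivileged.
    """
    secret = read_secret(secret_path)  # read while still privileged
    pid = os.fork()
    if pid:
        return pid  # parent: caller may waitpid() or supervise
    try:
        if run_as is not None:
            pw = pwd.getpwnam(run_as)
            os.setgroups([])      # drop supplementary groups while still root
            os.setgid(pw.pw_gid)  # group before user; after setuid it would fail
            os.setuid(pw.pw_uid)  # sets real, effective and saved uid when root
        os.execve(argv[0], argv, child_env(secret))
    finally:
        os._exit(127)  # reached only if the drop or the exec failed
```

The daemon account cannot read the secret file, but the secret is still present in the daemon's own environment, so anything that can act as the daemon user or root can read it there.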