[Tutor] Storing passwords and version control
Mats Wichmann
mats at wichmann.us
Sun May 27 13:50:58 EDT 2018
On 05/27/2018 11:08 AM, Alan Gauld via Tutor wrote:
> On 27/05/18 17:21, Joel Goldstick wrote:
>> On Sun, May 27, 2018 at 12:08 PM, Pat Martin <wpmartin at gmail.com> wrote:
>>> ... Since it will be a script I will be running
>>> through cron I won't be able to type the password
>
>> You can set environment variables on the system that runs the script.
>
> EV was my initial thought but...Would that work for a cron job?
> I didn't think cron picked up the user environment?
> Or have I got that wrong? Very possible, since I rarely use cron...
>
It doesn't pick up your login environment, but it can still be given
EVs. However that's not (much) more safe: the way a process was called
can be examined, so you can fish the passwords out while it is active.
More classical schemes for this involve using a third party to make
things work: read up on using a token, OAuth style; or if the
environment is more local and you're really only looking for a login
password, a password agent like ssh uses.
More information about the Tutor
mailing list