[systemd-devel] Environment-variable security?
Lennart Poettering
lennart at poettering.net
Tue Nov 13 10:18:22 UTC 2018
On Mo, 12.11.18 17:41, aleivag (aleivag at gmail.com) wrote:
> You can define those secrets on /etc/robotsecret.txt, and then on your unit
> you do `EnvironmentFile=/etc/robotsecret.txt`
>
> then you protect /etc/robotsecret.txt as you would normally do
Don't do this. This is only partially secure, and that only by
coincidence, not by design. env vars are generally not considered
secrets, and will still propagate down the tree.
If you have secrets pick a place where they are strictly access
controlled, and where this access control is built into the concept
itself. Files on disk work (with their age old UNIX access mode) and
kernel keyrings work too (they have been designed just for this
purpose). env vars do not qualify. Neither in understanding of its
users, not in actual code.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list