<div dir="auto">FWIW Kubernetes also supports mounting files containing secrets, which I've personally found to be easier to work with than environment variables. <br><br><div data-smartmail="gmail_signature">--<br>Ryan (ライアン)<br>Yoko Shimomura, ryo (supercell/EGOIST), Hiroyuki Sawano >> everyone else<br><a href="https://refi64.com/">https://refi64.com/</a></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Nov 13, 2018, 11:20 PM Tomasz Torcz <<a href="mailto:tomek@pipebreaker.pl">tomek@pipebreaker.pl</a> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Wed, Nov 14, 2018 at 02:17:02AM +0100, Marek Howard wrote:<br>
> Marek Howard píše v St 14. 11. 2018 v 01:35 +0100:<br>
> > Lennart Poettering píše v Út 13. 11. 2018 v 15:17 +0100:<br>
> > > On Di, 13.11.18 07:49, David Parsley (<a href="mailto:parsley@linuxjedi.org" target="_blank" rel="noreferrer">parsley@linuxjedi.org</a>) wrote:<br>
> > > Well, you are of course welcome to ignore whatever I say, but again,<br>
> > > environment blocks are leaky, they propagate down the process tree,<br>
> > > and are *not* generally understood as being secret.<br>
> > <br>
> > It is not *that* common to pass secrets via environment variable but<br>
> > it's nothing unusual, and many programs offer this interface. OpenVPN<br>
> > comes to bind. Where such interface is offered, propagating down the<br>
> > process tree is usually not a concern, because such programs usually<br>
> > don't fork "untrusted" programs.<br>
> > <br>
> > It's quite handy way to pass secrets and as I said above, there's<br>
> > really no risk if it's done in cases where it makes sense. Of course<br>
> > systemd leaking it to everyone makes it not usable with systemd, but<br>
> > that's not really a problem with environment variables.<br>
> <br>
> If you want some examples:<br>
> <br>
> borgbackup - BORG_PASSPHRASE<br>
> restic - RESTIC_PASSWORD<br>
> openssl - env:var<br>
> rsync - RSYNC_PASSWORD<br>
> hub - GITHUB_PASSWORD, GITHUB_TOKEN<br>
> rclone - RCLONE_CONFIG_PASS<br>
> smbclient - PASSWD<br>
> <br>
> Again, it's not so common, but it's not unusual and it's not insecure<br>
> if you know what you're doing (which you usually are when you have<br>
> powers to create system services).<br>
<br>
Generally, storing secret data in environment is common in<br>
web microservices world, popularised by <a href="https://12factor.net/config" rel="noreferrer noreferrer" target="_blank">https://12factor.net/config</a><br>
But those apps are supposed to be run by Kubernetes or other<br>
container runtime - with dedicated clusters, PID namespaces and so on.<br>
Running them as plain unix (systemd) services is the wrong way<br>
to run them ;)<br>
<br>
-- <br>
Tomasz Torcz There exists no separation between gods and men:<br>
xmpp: <a href="mailto:zdzichubg@chrome.pl" target="_blank" rel="noreferrer">zdzichubg@chrome.pl</a> one blends softly casual into the other.<br>
<br>
_______________________________________________<br>
systemd-devel mailing list<br>
<a href="mailto:systemd-devel@lists.freedesktop.org" target="_blank" rel="noreferrer">systemd-devel@lists.freedesktop.org</a><br>
<a href="https://lists.freedesktop.org/mailman/listinfo/systemd-devel" rel="noreferrer noreferrer" target="_blank">https://lists.freedesktop.org/mailman/listinfo/systemd-devel</a><br>
</blockquote></div>