Collaborate Disseminate
I have a node.js project which implement in nest.js framework.
there is some apiKey and secretKey in my env file, I want to protect these keys from anyone, even host administrator. so I compile my entire project with pkg module to a binary… Continue reading how to protect a string (secret key) in my env file in node.js project?
I don’t make it a habit to pass credentials in scripts, but i’m in the process of automating some setup of my routers and using GNU make to have a simple make command to fix everything for me.
However, I need to upload configuration files … Continue reading Passing credentials in GNU Make
I am working on a application which requires session token to commence trading activities. This will be hosted on a cloud based Linux VM (Ubuntu) and a managed MySQL database.
Session token are generated using a TOTP. I have build this app… Continue reading Storing TOTP keys
I need to add my GPG key to some lines in
~/.gnupg/gpg.conf
such as
default-key XXX
default-recipient XXX
Does it accept shell environment variables? Can I use
default-key $GPGKEY
default-recipient $GPGKEY
where $GPGKEY is defined in my … Continue reading Does ~/.gnupg/gpg.conf accept shell environment variables?
I have a process that needs secret keys to be passed as environment variables. That is for historical reasons.
I have a AWS machine where this process runs but I do not want to store these keys in files or scripts on the cloud.
What is the… Continue reading Launch a process with secrets as environment variables
TL;DR
The container’s environment variable can be queried many ways, with native docker tools or 3rd party tools. The docker admin user (or any user in the docker group) not necessary dba on a container’s image, still can dump the root(mys… Continue reading I do not understand how the standard practice to pass secrets as environment variables to containers considered as safe? [duplicate]
I know that the TZ variable aka TimeZone can be read by servers, especially with fingerprinting.
What are the exposed variables to browser’s ?
Continue reading Which system variables are exposed from browser JavaScript context?
Is it okay to upload .env files containing client ID and client secret to elastic beanstalk? If not, what is the risk involved? How would one access those files?
(This is a question regarding a challenge in a wargame on overthewire.org called Narnia similar to Shellcode does not execute as the owner )
When exporting shellcode to EGG environment variable
export EGG=`python3 -c "import sys; sys…. Continue reading Exporting shellcode to environment variable doesn’t work as expected
I’ve been having a discussion with a developer about storing sensitive information in environment variables. Specifically within a containerised environment such as Azures Container apps.
Background information
In container apps you are a… Continue reading Secret security in containerised environment