environment-variables – WindowsTechs.com

Does ~/.gnupg/gpg.conf accept shell environment variables?

Posted on April 10, 2024 by Meng Lu

I need to add my GPG key to some lines in
~/.gnupg/gpg.conf
such as
default-key XXX
default-recipient XXX

Does it accept shell environment variables? Can I use
default-key $GPGKEY
default-recipient $GPGKEY

where $GPGKEY is defined in my … Continue reading Does ~/.gnupg/gpg.conf accept shell environment variables?→

Launch a process with secrets as environment variables

Posted on March 30, 2024 by Henrique Bucher

I have a process that needs secret keys to be passed as environment variables. That is for historical reasons.
I have a AWS machine where this process runs but I do not want to store these keys in files or scripts on the cloud.
What is the… Continue reading Launch a process with secrets as environment variables→

I do not understand how the standard practice to pass secrets as environment variables to containers considered as safe? [duplicate]

Posted on January 24, 2024 by g.pickardou

TL;DR
The container’s environment variable can be queried many ways, with native docker tools or 3rd party tools. The docker admin user (or any user in the docker group) not necessary dba on a container’s image, still can dump the root(mys… Continue reading I do not understand how the standard practice to pass secrets as environment variables to containers considered as safe? [duplicate]→

Which system variables are exposed from browser JavaScript context?

Posted on November 10, 2023 by Gilles Quenot

I know that the TZ variable aka TimeZone can be read by servers, especially with fingerprinting.
What are the exposed variables to browser’s ?

Continue reading Which system variables are exposed from browser JavaScript context?→

Exporting shellcode to environment variable doesn’t work as expected

Posted on August 12, 2023 by Black Hemera

(This is a question regarding a challenge in a wargame on overthewire.org called Narnia similar to Shellcode does not execute as the owner )
When exporting shellcode to EGG environment variable
export EGG=`python3 -c "import sys; sys…. Continue reading Exporting shellcode to environment variable doesn’t work as expected→

Secret security in containerised environment

Posted on November 23, 2022 by Drifter104

I’ve been having a discussion with a developer about storing sensitive information in environment variables. Specifically within a containerised environment such as Azures Container apps.

Background information
In container apps you are a… Continue reading Secret security in containerised environment→

Securely loading private tokens on a local machine

Posted on September 18, 2022 by user73235

When doing local development, I have to export a token needed for downloading dependencies from a private repository. For example:
export NPM_TOKEN=token_value

I want to make sure that this token is not stored in the shell history (that’s… Continue reading Securely loading private tokens on a local machine→

Details: snoop environment variables using D-Bus IPC

Posted on August 26, 2022 by Jeff Hemmen

The page at: https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Environment says:

Environment variables set for a unit are exposed to unprivileged clients via D-Bus IPC […]

I don’t have much experience with stuff as low… Continue reading Details: snoop environment variables using D-Bus IPC→

Why are environment variables safe after 2022 Heroku breach?

Posted on July 14, 2022 by Vic Seedoubleyew

In their communication about the april 2022 breach (summary here), Heroku states that environment variables (other than Review apps and CI variables) were safe because they are encrypted at rest.

We also wanted to address a question regar… Continue reading Why are environment variables safe after 2022 Heroku breach?→