I have a bit of a 'where do I begin' question. I need to embed a password, or some kind of authentication to a number of external systems (not just ssh keys unfortunately), but things like MySQL, and some security appliances. We need to have the passwords sent to these devices, but we need to not embed the password clear text in the script.
My first thought was to just create an encryption key, and use the key to decrypt a password file. That leaves the keys, and the file in the same place (system). It seems to me that there should be a better way to do this, but I am having trouble finding anything on how to do this securely. I see lots of people that say to 'hide' the password in a file, or bury it deeply in the code, as if that would make a difference to someone that could read it.
Any advice on how to properly, and securely do this?
As always, thanks for you help guys.
UPDATE: Sorry, I didn't say, but the scripts are CGI code on a website. It complicates most answers I can think of.