|Perl: the Markov chain saw|
using ssh-agent from a perl scriptby Skeeve (Vicar)
|on Jul 24, 2013 at 07:54 UTC||Need Help??|
Skeeve has asked for the
wisdom of the Perl Monks concerning the following question:
I don't know where to start searching, so I thought maybe some of you could give me some good hints or share your thoughts about it.
I want to write some tools here which need to access databases and LDAP servers. For this they need some credentials. Usually here these credentials are shared ones but nevertheless I don't like them to be lying around in the filesystem unencrypted.
So my idea is to store them in an encrypted file which an ssh-agent should then be able to decrypt.
So every user who wants to use the tool needs to have a shared private key and he has to use a passphrase for it.
The tools then have, encrypted with the public key, the credentials they require.
When the user starts the script, it would try to contact the user's ssh-agent asking it to decypt the credentials.