Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re: Best way to store passwords

by einhverfr (Friar)
on Nov 06, 2013 at 13:26 UTC ( #1061427=note: print w/replies, xml ) Need Help??

in reply to Best way to store passwords

There is no one size fits all answer. In general you have the choices of carefully protected plaintext storage in a secure location (ideal for fully automated processes) or encrypted data protected with a passphrase you enter when you login interactively.

In a fully automated environment, your system needs all info sufficient to access the plain text so if the computer is compromised the system has enough information to access the plain text no matter what you do.

On the other hand for interactive workloads, you can use AES (see Crypt::OpenSSL::AES) to encrypt the passwords with a passphrase you enter.

You might also consider measures outside your application and use full disk encryption.

Replies are listed 'Best First'.
Re^2: Best way to store passwords
by Special_K (Beadle) on Nov 06, 2013 at 19:44 UTC
    In this case my scripts are fully automated and need to run without any manual input. The KeePass modules mentioned above seem to still require you to store your master password in plaintext to access the database. To me, that seems less secure than only storing the specific passwords I need in plain text.
      Yeah. For fully automated environments, plain text with appropriate controls there, is the best you are going to be able to do. Your best encryption is going to be something like full disk or partition encryption which requires you to enter a password at boot or mount time.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1061427]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (4)
As of 2018-04-20 03:30 GMT
Find Nodes?
    Voting Booth?