My Java web application needs access to certain passwords. I've configured the app to read these passwords from environment variables. When I deploy the app to Tomcat, these environment variables are stored in the setenv.sh file like this:

export SOME_PWD="somvalue"

Is there a better way to do this so that they aren't stored in clear text? I would like to maintain setenv.sh in my git repository to keep track of changes and easily do CI deploy and would hate to keep clear text passwords in my repository.

Anthony
  • maybe this? http://stackoverflow.com/questions/2161054/where-to-place-and-how-to-read-configuration-resource-files-in-servlet-based-app – Emil Hotkowski Jan 05 '17 at 12:53
  • Look at the [Vault](http://docs.ansible.com/ansible/playbooks_vault.html) feature of Ansible. It allows you to store sensitive data in encrypted format inside the repository and decrypt it during deploy if you have the corresponding key for that. But in this case you should use Ansible for deploy. – Maxim Jan 05 '17 at 13:13
  • Even if it is about Python, you will find an interesting discussion [in that other post](http://stackoverflow.com/questions/11575398/how-can-i-save-my-secret-keys-and-password-securely-in-my-version-control-system) – Serge Ballesta Jan 05 '17 at 13:23

1 Answer

If you are on Linux and environment variables contain secrets, then you are already fighting the wrong battle by trying to protect them in the shell scripts that are used to launch your JVM process.

Linux usually has a /proc filesystem which has a virtual directory for every process, and each process-directory has an environ file where any user on the system can dump the environment of the process.

So you need to protect more than just the file that contains the environment variable export lines. I would argue that standard UNIX file permissions can protect the shell script sufficiently. If you don't trust your administrators, your system can never be considered secure.

You should consider changing your application to load those configuration parameters from a file which can be similarly protected (file permissions) instead of using the process's "environment" for that purpose.

Christopher Schultz
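
The last suggestion in the answer above, loading the secrets from a permission-protected file instead of the process environment, could look like the following. This is an added example, not code from the question or the answer; the class name `SecretsFile`, the properties format and the temporary sample file are assumptions, and the check applies to POSIX file systems only.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.*;

// Hypothetical helper class, named for this example only.
public final class SecretsFile {
    // Owner read/write only; any group or other permission bit is rejected.
    private static final Set<PosixFilePermission> ALLOWED =
            EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);

    /** Loads key=value secrets, refusing files that are not private to their owner. */
    public static Properties load(Path file) throws IOException {
        // A symlink is not a regular file under NOFOLLOW_LINKS, so it is refused.
        if (!Files.isRegularFile(file, LinkOption.NOFOLLOW_LINKS)) {
            throw new IOException("Not a regular file: " + file);
        }
        Set<PosixFilePermission> perms =
                Files.getPosixFilePermissions(file, LinkOption.NOFOLLOW_LINKS);
        if (!ALLOWED.containsAll(perms)) {
            throw new IOException(file + " is accessible beyond its owner: "
                    + PosixFilePermissions.toString(perms));
        }
        Properties props = new Properties();
        try (InputStream in = Files.newInputStream(file, LinkOption.NOFOLLOW_LINKS)) {
            props.load(in);
        }
        return props;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp file stands in for the real secrets file.
        Path file = Files.createTempFile("secrets", ".properties");
        try {
            Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-------"));
            Files.write(file, Collections.singletonList("SOME_PWD=constructed-example-value"));
            System.out.println("private file loaded: " + load(file).containsKey("SOME_PWD"));

            // Widen the mode to 0644: the loader must now refuse the file.
            Files.setPosixFilePermissions(file, PosixFilePermissions.fromString("rw-r--r--"));
            try {
                load(file);
            } catch (IOException e) {
                System.out.println("refused: " + e.getMessage());
            }
        } finally {
            Files.delete(file);
        }
    }
}
```

With this approach only the path of the secrets file needs to appear in setenv.sh or the repository; the file itself is created on the server, owned by the account that runs Tomcat.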