by benmanns 4774 days ago
Be careful if you are in the habit of using environment variables to specify API keys or database passwords. One of my top commands is `FACEBOOK_SECRET=...`.
3 comments

Is it a good idea to keep passwords in environment variables?

Isn't it safer to create a credentials file and give it the appropriate chmod?

From a deployment point of view, environment variables are a pretty good choice.

http://www.12factor.net/config

    vacri@devbox:~$ ps aux | grep elasticsearch
    112 6725 0.1 36.7 1965924 1411164 ? SLl May03 37:11 /usr/lib/jvm/java-7-openjdk-amd64//bin/java -Xms1g -Xmx1g -Xss256k -Djava.awt.headless=true -XX:+UseParNewGC -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -XX:+HeapDumpOnOutOfMemoryError -Delasticsearch -Des.pidfile=/var/run/elasticsearch.pid -Des.path.home=/usr/share/elasticsearch -cp :/usr/share/elasticsearch/lib/elasticsearch-0.90.0.jar:/usr/share/elasticsearch/lib/:/usr/share/elasticsearch/lib/sigar/ -Des.default.config=/etc/elasticsearch/elasticsearch.yml -Des.default.path.home=/usr/share/elasticsearch -Des.default.path.logs=/var/log/elasticsearch -Des.default.path.data=/var/lib/elasticsearch -Des.default.path.work=/tmp/elasticsearch -Des.default.path.conf=/etc/elasticsearch org.elasticsearch.bootstrap.ElasticSearch

I'm not sure what you're trying to say, but environment variables and arguments are different things. Environment variables avoid exactly that problem.

Yes! I don't want to know anybody's secrets. I won't be publishing the raw data for this reason, in case anything like this gets through by accident.
I did `history | grep -v "=" | ....` to ensure that commands where I specified environment variables are ignored.
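
An added example, not code from any commenter in this thread: before shell history is shared or analysed as discussed above, this Python script finds commands that begin with secret-looking `NAME=value` assignments and redacts only the value, leaving lines such as `git log --format=...` intact. The name patterns, the `<redacted>` marker and the sample history are constructed assumptions.

```python
import re

# Constructed heuristic: variable names that suggest a credential.
SECRET_NAME = re.compile(r"SECRET|TOKEN|PASSWORD|PASSWD|API_?KEY|CREDENTIAL", re.I)
# One shell word: double-quoted, single-quoted, backslash-escaped or plain characters.
VALUE = r"""(?:"(?:\\.|[^"\\])*"|'[^']*'|\\.|[^\s"'\\;&|])*"""
# One leading assignment, optionally introduced by `export`.
ASSIGN = re.compile(r"\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(" + VALUE + ")")
# zsh EXTENDED_HISTORY prefix, e.g. ": 1367539200:0;"
ZSH_PREFIX = re.compile(r"^: \d+:\d+;")

def redact_line(line):
    """Redact secret-looking assignments that precede the command word.

    Returns (redacted_line, names_of_redacted_variables).
    """
    out, pos, hits = [], 0, []
    while True:
        m = ASSIGN.match(line, pos)
        if not m:  # reached the command word (or end of line): stop scanning
            break
        name, value = m.group(1), m.group(2)
        if SECRET_NAME.search(name) and value:
            out.append(line[pos:m.start(2)] + "<redacted>")
            hits.append(name)
        else:
            out.append(line[pos:m.end()])
        pos = m.end()
    return "".join(out) + line[pos:], hits

def scan_history(text):
    """Return (line_number, variable_names, redacted_command) for risky lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        redacted, names = redact_line(ZSH_PREFIX.sub("", raw))
        if names:
            findings.append((lineno, names, redacted))
    return findings

# Constructed sample history; none of these values are real.
SAMPLE_HISTORY = """\
git log --format=%H -n 5
FACEBOOK_SECRET=abc123 rails server
export DB_PASSWORD='p w' RAILS_ENV=production
RAILS_ENV=test rake spec
: 1367539200:0;API_KEY="k 1" TOKEN=t2 ./deploy.sh
"""

if __name__ == "__main__":
    for lineno, names, redacted in scan_history(SAMPLE_HISTORY):
        print(f"line {lineno}: {', '.join(names)} -> {redacted}")
```

Only assignments in front of the command word are inspected, so a secret passed as an ordinary argument is not caught by this check.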