by dmgbrn 4062 days ago
Unless you're on your personal laptop.

It's a tricky question, one that we've spent a lot of time thinking about at my company (Conjur -- shameless plug, one of our use cases is secrets management). Obviously doing this on a server that others can access/pwn is a bad idea, but that's a very rare use case. Most secrets are being added via the command line from an admin's single user laptop.

In the end, we've settled on what seems to be the same solution as Vault: support other sources (stdin, files, etc.), but allow the command line.

That said, I think you're right that we should look into adding a warning for the CLI tools and placing more emphasis on this fact in our documentation.

1 comments

> Unless you're on your personal laptop.

It persists in your shell history... your notebook is stolen, then...

You can encrypt the filesystem but it is better to not have your secret information disseminated in your filesystem and computer memory.
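The trade-off in dmgbrn's comment (accept stdin or a file, but still allow the command-line flag, ideally with a warning) and the shell-history point in the reply, as an added example that is not Conjur's or Vault's code. It is a small argparse-based CLI: the secret is taken from stdin, a file, or an environment variable in that order, and only falls back to a `--secret` argument with a warning explaining why that path is weaker. The tool name, the `MYTOOL_SECRET` variable and the flag names are assumptions made for this example.

```python
"""Added example: a CLI that prefers stdin/file/env over a --secret argument."""
import argparse
import os
import stat
import sys
from typing import Callable, Mapping, Optional, Tuple

ENV_VAR = "MYTOOL_SECRET"  # hypothetical variable name chosen for this example

ARGV_WARNING = (
    "warning: secret passed on the command line; it is now in your shell "
    "history and was readable by other local processes via /proc/<pid>/cmdline "
    "while the command ran. Prefer --secret-stdin or --secret-file."
)


def file_mode_warning(mode: int) -> Optional[str]:
    """Return a warning if a secret file's POSIX mode grants group/other access."""
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return "warning: secret file is readable by other users; chmod 600 it"
    return None


def resolve_secret(
    secret_arg: Optional[str],
    secret_file: Optional[str],
    secret_stdin: bool,
    stdin_reader: Callable[[], str] = lambda: sys.stdin.read(),
    env: Mapping[str, str] = os.environ,
) -> Tuple[str, str, Optional[str]]:
    """Return (secret, source, warning), trying sources from safest to weakest.

    Order: stdin, file, environment variable, then the argv value. Only the
    argv path produces a warning, matching the 'allow it but warn' approach.
    Raises ValueError when no source yields a non-empty secret.
    """
    if secret_stdin:
        secret = stdin_reader().rstrip("\r\n")
        if not secret:
            raise ValueError("no secret read from stdin")
        return secret, "stdin", None

    if secret_file:
        warning = file_mode_warning(os.stat(secret_file).st_mode)
        with open(secret_file, encoding="utf-8") as fh:
            secret = fh.read().rstrip("\r\n")
        if not secret:
            raise ValueError(f"secret file {secret_file!r} is empty")
        return secret, "file", warning

    if env.get(ENV_VAR):
        return env[ENV_VAR], "env", None

    if secret_arg is not None:
        return secret_arg, "argv", ARGV_WARNING

    raise ValueError(
        f"no secret given: use --secret-stdin, --secret-file, or ${ENV_VAR}"
    )


def build_parser() -> argparse.ArgumentParser:
    parser = argparse.ArgumentParser(prog="mytool", description="store a secret")
    group = parser.add_mutually_exclusive_group()
    group.add_argument("--secret-stdin", action="store_true",
                       help="read the secret from standard input")
    group.add_argument("--secret-file", metavar="PATH",
                       help="read the secret from a file (should be mode 600)")
    group.add_argument("--secret", metavar="VALUE",
                       help="secret as an argument (discouraged; see warning)")
    return parser


def main(argv: Optional[list] = None) -> int:
    args = build_parser().parse_args(argv)
    try:
        secret, source, warning = resolve_secret(
            args.secret, args.secret_file, args.secret_stdin
        )
    except (ValueError, OSError) as exc:
        print(f"error: {exc}", file=sys.stderr)
        return 2
    if warning:
        print(warning, file=sys.stderr)
    # Never echo the secret itself; report only where it came from.
    print(f"loaded secret from {source} ({len(secret)} characters)")
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Typical invocations are `printf '%s' "$value" | mytool --secret-stdin` or `mytool --secret-file ~/.mytool/secret` (with the file at mode 600); `mytool --secret hunter2` still works, as in the Vault-style approach, but prints the warning to stderr. Reading from stdin or a file keeps the value out of `~/.bash_history` and the process argument list, though it still has to live in the tool's memory while it runs.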