Is it a good idea to store an encryption key as an environment variable?

Time:05-21

I am writing a command-line application in Python 3. The app will be run by different users on their local machines. Some parts of the application require logging in to a database. I want to give the users the choice to store their credentials or type them in every time.

For storing the credentials (if the users choose so) I want to use a separate file which is created on the local machine and which is encrypted. For the encryption of the file I need to generate a key.

Now my question: Is it a good idea to store that key needed for encryption and decryption as an environment variable (I want to distribute critical information and not just store them in another file with the app)? What solutions should I consider where to store the key? Are there different environment variables (in terms of safety)?

I am aware that there is no perfect solution (especially not with a Python script which is stored in plain text by itself), but I want to put some effort in thinking this through and not just use .netrc or something like this.

Thank you in advance for some ideas.

Frank

CodePudding user response:

Do not store any sensitive information in environment variables.

Any other process with the user's permissions (in particular any other process running as the user) can view all the environment variables for all the processes the user runs. A process with admin (e.g. root or sudo access) can see all environment variables for all users.

That allows any rogue process to read all the environment variables for its owning user, and any admin rogue process to read all environment variables generally.

In Linux, you can see these environment variables at:

cat /proc/<pid>/environ

Where <pid> is the process ID of the process you want to "spy" on.

They're each separated by null characters, BTW.

Note that many shells like bash have internal variables that only become environment variables when you use the export function. Newer versions of bash are even clever enough that they only actually export them to the real environment when spawning children. However, they are exposed to other processes every time any child is spawned (even just a grep or a cat).

CodePudding user response:

Unfortunately, this kind of question boils down to a chicken and egg problem: the credentials should only be stored in encrypted form. And the decryption key should also be stored in encrypted form...

A common solution is to rely on the OS and file system permission: a file only readable by its owner can only be accessed by the owner... and anybody with admin privileges... But anyway you cannot expect to be protected from an admin. That is the rationale behind the good old .netrc or equivalent files.

Automatically reading a (only readable by owner) file into an environment variable is a close variation. It has the same security level and can be easier to use.
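The owner-only file approach described in the second answer, sketched for the Python 3 app in the question. This is an added example, not code from the question or from either answer. It assumes a POSIX system; `create_key_file`, `load_key_file`, `InsecureKeyFile` and the 32-byte key size are hypothetical names and values chosen for illustration.

```python
import os
import secrets
import stat

KEY_BYTES = 32  # assumed key size (256-bit symmetric key)


class InsecureKeyFile(Exception):
    """Raised when the key file is not private to the current user."""


def create_key_file(path):
    """Create a new random key in a file that is owner-only from creation."""
    # O_EXCL refuses to reuse an existing file or write through a planted
    # symlink; mode 0o600 is applied at creation, so the file is never
    # readable by group or others, even briefly.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    key = secrets.token_bytes(KEY_BYTES)
    with os.fdopen(fd, "wb") as fh:
        fh.write(key)
    return key


def load_key_file(path):
    """Return the key, refusing files other users could read or replace."""
    flags = os.O_RDONLY | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags)
    with os.fdopen(fd, "rb") as fh:
        # fstat the open descriptor, not the path, so the checks apply to
        # the file that is actually read.
        info = os.fstat(fh.fileno())
        if not stat.S_ISREG(info.st_mode):
            raise InsecureKeyFile(f"{path}: not a regular file")
        if info.st_uid != os.geteuid():
            raise InsecureKeyFile(f"{path}: owned by uid {info.st_uid}")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(info.st_mode)
            raise InsecureKeyFile(f"{path}: mode {mode:03o}, expected 600")
        key = fh.read()
    if len(key) != KEY_BYTES:
        raise InsecureKeyFile(f"{path}: unexpected key length {len(key)}")
    return key
```

As the second answer notes, this does not protect the key from an account with admin privileges; it only keeps other unprivileged users out.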
