|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: Putting secrets in environment variables is stupid. |
| 4 | +subtitle: |
| 5 | +--- |
| 6 | + |
| 7 | +There seems to be this infatuation, especially in the Rails community, with |
| 8 | +putting secret information inside environment variables. Now, even if I take |
| 9 | +off my old crufty Solaris hat and ignore what the '-e' flag of ps means on |
| 10 | +that platform: this is a stupid, pointless idea. The process environment is |
| 11 | +not a secret. |
| 12 | + |
| 13 | +The ostensible idea behind this is that if you pass in things in the |
| 14 | +environment, you're protected from a scenario where someone breaks into your |
| 15 | +machine and reads your presumably non-world-readable file containing your keys |
| 16 | +or passwords. This is laughable for several reasons: |
| 17 | + |
| 18 | + * Files were designed to be secured with permissions. The environment, on |
| 19 | + the other hand, was never designed or intended to store secret |
| 20 | + information. |
| 21 | + |
| 22 | + * Unless you're passing shit into a Docker container, the environment |
| 23 | + variables are *already stored in a flat file* on the host. |
| 24 | + |
| 25 | + * If you passed your secrets in as an environment variable, and you use |
| 26 | + Linux, your secrets ARE ALREADY IN A FILE in /proc. |
| 27 | + |
| 28 | + * If someone pops a shell within your process, they can just run "env" |
| 29 | + anyway. |
| 30 | + |
| 31 | +So just put your secrets in a file like a normal person. If you want to be |
| 32 | +fancy, pass them to the process over a pipe from a higher privileged process, |
| 33 | +but don't pretend that environment variables make things magically ephemeral. |
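Review bot: the /proc bullet (post lines 25-26) says the secrets "ARE ALREADY IN A FILE" without naming the file or who can read it. Name `/proc/<pid>/environ` and state that it is normally readable only by the process owner and root, so the comparison with the "presumably non-world-readable file" from line 15 is explicit rather than implied. The closing advice on line 31 to "put your secrets in a file" should likewise spell out the intended ownership and mode, for example owner-only read for the service account, since the first bullet rests the whole argument on file permissions. The bullet on lines 22-23 claims the variables are "already stored in a flat file on the host" but does not say which file; give one concrete case. Minor: `subtitle:` in the front matter (line 4) is empty, so either fill it in or drop the key.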