Secrets at The Command Line

Uploaded by

axisdu37
GitGuardian [Secrets At The Command Line - 2022]

Credentials in files and in the terminal

Plaintext Credentials

- Never enter or store passwords, API keys or any other secrets in plaintext
- Programmatically retrieve secrets from a password manager to prevent secret leakage

Use a Vault

- Use a vault like HashiCorp Vault to securely store credentials
- Programmatically retrieve secrets from a password manager to prevent secret leakage

Pipes

AVOID /dev/stdin
- Avoid reading from /dev/stdin; read from as close to the data source as possible

TRANSPORT SAFELY
- Pipes are temporary communication channels between processes
- Overall secure, as they only exist in memory during the data transfer

Environmental Variables

DO NOT STORE IN THE CLOUD
- Environmental variables should only ever be stored locally
- Do not use in shared or cloud environments

SCOPE AND ROTATE
- Ensure they have a limited scope
- Rotate any keys stored this way often

SOPS

Free and open source tool from Mozilla allowing you to edit encoded files without needing to decrypt them.

Read more about SOPS in our comprehensive guide:
https://blog.gitguardian.com/a-comprehensive-guide-to-sops/

Credential Files

DO NOT SHARE
- Do not store in a Version Control System
- Do not share credential files

STORE SAFELY
- Set permissions for each file
- Ensure they are in your home directory and only accessible by you

Process Status

- `ps` is a utility providing information on all running processes
- Any values entered through the command line are stored in a globally readable file, /proc/<pid>/cmdline
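
An audit for the /proc/<pid>/cmdline exposure described above, as an added example that is not part of the GitGuardian cheat sheet: it walks cmdline files and reports processes whose arguments carry a secret-bearing option, without printing the value. The option names in PATTERN are an assumed, non-exhaustive list, and `backup-tool` with its options and paths is a hypothetical program used for constructed sample data.

```bash
#!/bin/sh
# Added example, not GitGuardian's code. PATTERN is an assumed, non-exhaustive
# list of option names whose value is normally a secret.
PATTERN='^(--?(password|passwd|token|api[-_]?key|secret)(=|$)|authorization: *bearer )'

# args_of FILE: print a NUL-separated cmdline file as one argument per line.
args_of() { { tr '\0' '\n' < "$1"; } 2>/dev/null; }

# scan_proc [ROOT]: for every process under ROOT (default /proc) with an
# argument matching PATTERN, print "pid<TAB>argv[0]<TAB>matched option".
# The secret value itself is never printed.
scan_proc() (
  root=${1:-/proc}
  for f in "$root"/[0-9]*/cmdline; do
    [ -r "$f" ] || continue
    opt=$(args_of "$f" | grep -Eio -- "$PATTERN" | head -n 1)
    [ -n "$opt" ] || continue
    pid=${f%/cmdline}; pid=${pid##*/}
    prog=$(args_of "$f" | head -n 1)
    printf '%s\t%s\t%s\n' "$pid" "$prog" "$opt"
  done
)

# make_sample_root: build a constructed /proc-like tree for an offline run.
# "backup-tool", its options and the paths are hypothetical.
make_sample_root() (
  root=$(mktemp -d)
  mkdir "$root/101" "$root/102" "$root/103"
  # Secret typed as an argument: recorded in cmdline for the process lifetime.
  printf 'backup-tool\0--token=EXAMPLE-NOT-A-REAL-TOKEN\0' > "$root/101/cmdline"
  # Secret delivered over a pipe: argv only says to read it from stdin.
  printf 'backup-tool\0--token-stdin\0' > "$root/102/cmdline"
  # Secret kept in a credential file: argv holds a path, not the value.
  printf 'backup-tool\0--token-file\0/home/app/.backup.cred\0' > "$root/103/cmdline"
  echo "$root"
)

sample=$(make_sample_root)
scan_proc "$sample"   # constructed data; call scan_proc alone to audit /proc
rm -rf "$sample"
```

Only process 101 is reported: passing the secret over a pipe or from a permission-restricted credential file keeps the value out of the process's recorded arguments.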

History

DO NOT ENTER PLAINTEXT
- Any plaintext secrets entered into your shell are stored in your terminal's history
- Easily accessible to anyone with shared environment access

USE SHELLCLEAR
- Shellclear is a free and open source tool to find secrets in your Bash history
- Shellclear can help you easily remove any secrets from your history

Local Filesystem Encryption

Encrypt your data at rest with tools like LUKS-based Linux tools, VeraCrypt or FileVault.
