Upload
devseccon-limited
View
145
Download
0
Embed Size (px)
Citation preview
Join the conversation #devseccon
By Jakob Holderbaum / @hldrbm
Managing Shared Secrets using Basic Unix Tools
var express = require('express')var app = express()
var user = process.env.GITHUB_USERvar apiToken = process.env.GITHUB_API_TOKEN
var port = process.env.PORT || 5000
app.get('/', function (req, res) {// Implement GitHub API call
})
app.listen(port, function () {console.log('App listening on port ' + port)
})
var express = require('express')var app = express()
var user = process.env.GITHUB_USERvar apiToken = process.env.GITHUB_API_TOKEN
var port = process.env.PORT || 5000
app.get('/', function (req, res) {// Implement GitHub API call
})
app.listen(port, function () {console.log('App listening on port ' + port)
})
$ export PASSWORD_STORE_DIR=~/code/app/secrets$ pass add production/user$ pass add production/api_token
$ find ~/code/app/secrets
~/code/app/secrets/.gpg_id~/code/app/secrets/production/user.gpg~/code/app/secrets/production/api_token.gpg
$ cat ~/code/app/secrets/.gpg_id5244D411CD7CBA95
$ find ~/code/app/secrets
~/code/app/secrets/.gpg_id~/code/app/secrets/production/user.gpg~/code/app/secrets/production/api_token.gpg
$ cat ~/code/app/secrets/.gpg_id5244D411CD7CBA95
$ export PASSWORD_STORE_DIR=~/code/app/secrets$ export USER=`pass show production/user`$ export TOKEN=`pass show production/api_token`$ heroku config:set GITHUB_USER=$USER \
GITHUB_API_TOKEN=$TOKEN
$ export PASSWORD_STORE_DIR=~/code/app/secrets$ export USER=`pass show production/user`$ export TOKEN=`pass show production/api_token`$ heroku config:set GITHUB_USER=$USER \
GITHUB_API_TOKEN=$TOKEN
$ export PASSWORD_STORE_DIR=~/code/app/secrets$ export MY_ID=5244D411CD7CBA95$ export ADAS_ID=44A7B1E354AF81E2$ export ALANS_ID=BA29EE533AF39B21$ pass init $MY_ID $ADAS_ID $ALANS_ID
$ export PASSWORD_STORE_DIR=~/code/app/secrets$ export MY_ID=5244D411CD7CBA95$ export ADAS_ID=44A7B1E354AF81E2$ export ALANS_ID=BA29EE533AF39B21$ pass init $MY_ID $ADAS_ID $ALANS_ID
$ export PASSWORD_STORE_DIR=~/code/app/secrets$ export MY_ID=5244D411CD7CBA95$ export ADAS_ID=44A7B1E354AF81E2$ pass init $MY_ID $ADAS_ID
$ export PASSWORD_STORE_DIR=~/code/app/secrets$ export MY_ID=5244D411CD7CBA95$ export ADAS_ID=44A7B1E354AF81E2$ pass init $MY_ID $ADAS_ID