Best practice for managing secrets (passwords, private keys) used by Python scripts running as daemons
Gregory Ewing
greg.ewing at canterbury.ac.nz
Mon Mar 26 01:12:37 EDT 2018
Peter J. Holzer wrote:
> (Historically, many unixes allowed all users to read the environment
> variables of all processes. I don't know if this is still the case for
> e.g. Solaris or AIX - or macOS)
A quick test suggests it's still true in MacOSX 10.6:
% ps aeuww
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 254 0.0 0.1 2436216 1668 s000 Ss 6:07pm 0:00.02 login -pf
greg PATH=/usr/bin:/bin:/usr/sbin:/sbin
TMPDIR=/var/folders/pt/ptWbIBidFOGihAoVFzVWZU+++TI/-Tmp-/ SHELL=/bin/tcsh
HOME=/Users/greg USER=greg LOGNAME=greg DISPLAY=/tmp/launch-E3mIkg/org.x:0
SSH_AUTH_SOCK=/tmp/launch-Lq6SPh/Listeners
Apple_PubSub_Socket_Render=/tmp/launch-k6nWyL/Render COMMAND_MODE=unix2003
__CF_USER_TEXT_ENCODING=0x1F5:0:0 TERM_PROGRAM=Apple_Terminal
TERM_PROGRAM_VERSION=273.1 LANG=en_NZ.UTF-8 TERM=xterm-color
...
--
Greg
More information about the Python-list
mailing list