-
-
Notifications
You must be signed in to change notification settings - Fork 325
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security issue with aesbackend.go environment variable #362
Comments
Since the cc @rubiojr |
Thanks @Profpatsch, a common and valid concern that we can probably mitigate (see restic/restic#2910 and restic/restic#521 for example for similar discussions and other alternatives), though if you run Beehive in an untrusted environment or executing rogue code (say via exec bee or linked modules), you'll probably have bigger issues. I need to revisit the Happy to help with a review if you feel like addressing this yourself before that happens. |
That is not the problem, the problem is with the environment variable accidentally leaking; you regularly have processes which dump the whole environment into log files for example. |
Opened a PR to retrieve the secret from an external command: Add support for reading AES backend password from external command |
The
-encrypt
option introduced in #295 allows the config file to be encrypted via theBEEHIVE_CONFIG_PASSWORD
environment variable:beehive/cfg/aesbackend.go
Lines 225 to 239 in 57a4fab
In general, using an environment variable for a password is more secure than using a command line argument, with one caveat:
You need to unset the variable after reading it. Otherwise it will leak into any process that beehive spawns directly or indirectly and any library that is used by the bees, which is a security risk.
The text was updated successfully, but these errors were encountered: