LinuxQuestions.org - openssl: using a protected password in a script

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - openssl: using a protected password in a script (https://www.linuxquestions.org/questions/linux-security-4/openssl-using-a-protected-password-in-a-script-783110/)

openssl: using a protected password in a script

Hi All,

I have a bash script that will unencrypt a file, use the unencrypted file for a very short time and then delete the unencrypted file.

The problem is that my password is in clear text

Code:

  openssl des3 -d -salt \

      -out tempFile \

      -in encryptedFile.des3 \

      -pass pass:clearTextPassword

Obviously this isn't so secure, but I need the script to be non-interactive. How do I hash, encrypt or otherwise make secure the password for the openssl command?

I know that the openssl can protect passwords, e.g.:
openssl passwd -crypt "password"
But can I use this protected password in my script?

Any advice would be most appreciated!

Worse than it being in the script it is also going to show up in a ps aux... using file: pathtofile is better, but still the same base problem of storing an unencrypted password. There is no way around that as far as I know and still having it completely automated... make minimum necessary permissions, put it as a .file in the home directory of the user calling it, etc.

...and besides the unencrypted file will be available for reading from file or memory anyway as a result of all of this "protecting".

OK, all good points - thank rweaver and unSpawn.

I changed the process (painful but I am the main user anyway) so that we read the password each time.