EVE-NG Workbook (Amazon Kindle)
April 25, 2024
Secured Bash environment
I always need to set critical environment variables on my Bash (API tokens), and of course, it’s a very bad idea to store them on .bashrc
. I found a simple way to store them in an encrypted file loading it only when necessary:
- Store critical variables under
.bash_secure
(you mustexport
each variable). - Encrypt it with
gpg -c .bash_secure
. - Secure delete the clear text file with
shred -u .bash_secure
. - Load secured environment only when needed
source <(gpg -q -d ~/.bash_secure.gpg)
Don’t put the load command into .bashrc
because commands included in .bashrc
must not emit output.