OP here: just to provide some additional info on the audit requirement. As some mentioned, you cannot stop a determined hacker, and that's not necessarily the point of the requirement. The idea is you shouldn't just hand credentials to anyone walking by whether they need them or not. According to the requirement, you shouldn't have code in your script like this:

my $DBH = DBI->connect('dbi:mysql:host=server.example.com', 'dba', 'mydbapassword');

The idea is you store the credentials in an external file that never hits version control (many people don't think about passwords sitting there). The passwords in the external file are encrypted, so that should the file fall into the wrong hands (misconfigured web server, file symlinked into FTP root, etc.) the passwords aren't easily obtainable. Likewise, if someone gains access to your source code repository they shouldn't be able to gain DB/LDAP/web service passwords from the code. Lastly, with passwords in a separate file you can be more pedantic about file-system ACLs to control access to the file, in addition to the other safeguards in place. So, ultimately it's a good requirement, I'm just surprised there's no existing CPAN module to implement it.

Thanks to all for your help! I think I will go down the road of serializing the credentials and encrypting the resulting file. Who knows, maybe I'll try to contribute my work to CPAN (with my company's approval) for others.


In reply to Re: Storing credentials in a cross-platform binary file? by Anonymous Monk
in thread Storing credentials in a cross-platform binary file? by Anonymous Monk
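
An added example, not part of the original post or of any CPAN module: one way to serialize credentials and encrypt the resulting file as the post describes. It assumes the CryptX distribution is installed; the CRED_PASSPHRASE environment variable, the db.cred filename, the byte layout and the iteration count are all choices made for this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use JSON::PP ();                                   # core module
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);  # CryptX
use Crypt::KeyDerivation qw(pbkdf2);               # CryptX
use Crypt::PRNG qw(random_bytes);                  # CryptX

my $ITER = 200_000;    # PBKDF2 iteration count (assumed value)

# File layout (constructed for this example): salt(16) | nonce(12) | tag(16) | ciphertext
sub save_credentials {
    my ($path, $passphrase, $creds) = @_;
    my $salt  = random_bytes(16);
    my $nonce = random_bytes(12);
    my $key   = pbkdf2($passphrase, $salt, $ITER, 'SHA256', 32);
    my $plain = JSON::PP->new->canonical->utf8->encode($creds);
    my ($ct, $tag) = gcm_encrypt_authenticate('AES', $key, $nonce, '', $plain);
    my $old = umask 0077;                          # create the file as 0600
    open my $fh, '>:raw', $path or die "open $path: $!";
    umask $old;
    print {$fh} $salt, $nonce, $tag, $ct;
    close $fh or die "close $path: $!";
}

sub load_credentials {
    my ($path, $passphrase) = @_;
    if ($^O ne 'MSWin32') {                        # POSIX mode bits only; rely on ACLs on Windows
        my $mode = (stat $path)[2] // die "stat $path: $!";
        die "$path is accessible to group/other\n" if $mode & 0077;
    }
    open my $fh, '<:raw', $path or die "open $path: $!";
    my $blob = do { local $/; <$fh> };
    close $fh;
    die "$path is too short\n" if length($blob) < 44;
    my ($salt, $nonce, $tag, $ct) = unpack 'a16 a12 a16 a*', $blob;
    my $key   = pbkdf2($passphrase, $salt, $ITER, 'SHA256', 32);
    my $plain = gcm_decrypt_verify('AES', $key, $nonce, '', $ct, $tag);
    die "decryption failed: wrong key or tampered file\n" unless defined $plain;
    return JSON::PP->new->utf8->decode($plain);
}

# Constructed sample values; the passphrase comes from the environment, not the source.
my $pass = $ENV{CRED_PASSPHRASE} // die "set CRED_PASSPHRASE\n";
save_credentials('db.cred', $pass, { dsn => 'dbi:mysql:host=server.example.com',
                                     user => 'dba', password => 'constructed-sample' });
my $c = load_credentials('db.cred', $pass);
print "loaded credentials for $c->{user}\n";
# my $DBH = DBI->connect(@{$c}{qw(dsn user password)});
```

The GCM tag means a modified or truncated file is rejected rather than decrypted to garbage. The credential file should also be listed in the repository's ignore file so it never reaches version control.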
