Re: Best way to store passwords

There is no one size fits all answer. In general you have the choices of carefully protected plaintext storage in a secure location (ideal for fully automated processes) or encrypted data protected with a passphrase you enter when you login interactively.

In a fully automated environment, your system needs all info sufficient to access the plain text so if the computer is compromised the system has enough information to access the plain text no matter what you do.

On the other hand for interactive workloads, you can use AES (see Crypt::OpenSSL::AES) to encrypt the passwords with a passphrase you enter.

You might also consider measures outside your application and use full disk encryption.

Comment on Re: Best way to store passwords

Replies are listed 'Best First'.
Re^2: Best way to store passwords by Special_K (Pilgrim) on Nov 06, 2013 at 19:44 UTC
In this case my scripts are fully automated and need to run without any manual input. The KeePass modules mentioned above seem to still require you to store your master password in plaintext to access the database. To me, that seems less secure than only storing the specific passwords I need in plain text.	[reply]
Re^3: Best way to store passwords by einhverfr (Friar) on Nov 07, 2013 at 07:38 UTC
Yeah. For fully automated environments, plain text with appropriate controls there, is the best you are going to be able to do. Your best encryption is going to be something like full disk or partition encryption which requires you to enter a password at boot or mount time.	[reply]