> Postgres has the ability to do passwords, so do I just put a password in my
> program source? Set Postgres to only accept local connections, and hope for
> the best?

The config-management systems do this with encryption: take a look at Chef (encrypted data bags) and Ansible (ansible-vault). I've used each of these, and I've also rolled my own with files stored under cryptsetup and TrueCrypt.

You /can/ store the passwords/keys with your code but not in plain text. Keep your encryption keys in a place separate from your code, and protect them with 2-factor auth (a keyfile and a memorized passphrase; read up on ssh-keygen for a simple example of what I mean). If you're really paranoid, also add Google Authenticator on top of that.

Just remember: keep those plain-text passwords off the network and out of your code base.

-rich

_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
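
The keyfile-plus-passphrase scheme described in the reply above, as an added example that is not part of the original message and is not how Chef or ansible-vault work internally. The function names, file names and sample password are hypothetical, and it assumes the `openssl` command-line tool, version 1.1.1 or later.

```shell
#!/bin/sh
# Added example; function names, file names and the password are constructed.
# Requires the openssl CLI, version 1.1.1 or later (for -pbkdf2).

# Factor 1, "something you have": a random keyfile stored away from the code.
make_keyfile() {                       # $1 = path of the new keyfile
  ( umask 077; openssl rand -out "$1" 32 )
}

# Mix both factors into one key string; refuse to fall back to a single factor.
combined_key() {                       # $1 = keyfile, $2 = memorized passphrase
  [ -r "$1" ] && [ -n "$2" ] || return 1
  printf '%s:%s' "$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)" "$2"
}

# Encrypt stdin to $3. The key travels in the environment, not in argv.
# Note: openssl enc provides confidentiality only, no integrity check.
seal() (                               # $1 = keyfile, $2 = passphrase, $3 = output
  VAULT_KEY="$(combined_key "$1" "$2")" || exit 1
  export VAULT_KEY
  openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt -pass env:VAULT_KEY -out "$3"
)

# Decrypt $3 to stdout; needs the same keyfile and the same passphrase.
unseal() (                             # $1 = keyfile, $2 = passphrase, $3 = input
  VAULT_KEY="$(combined_key "$1" "$2")" || exit 1
  export VAULT_KEY
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -pass env:VAULT_KEY -in "$3"
)

demo() {
  dir="$(mktemp -d)" || return 1
  make_keyfile "$dir/vault.key"        # in real use: removable media, another host
  # The passphrase is a literal here only for the demo; normally it is typed in.
  printf '%s' 'constructed-db-password' |
    seal "$dir/vault.key" 'memorized phrase' "$dir/db_password.enc"
  # Only db_password.enc sits beside the code. At run time a wrapper decrypts
  # it, e.g. into libpq's PGPASSWORD variable:
  #   PGPASSWORD="$(unseal /path/to/vault.key "$phrase" db_password.enc)" psql ...
  unseal "$dir/vault.key" 'memorized phrase' "$dir/db_password.enc" >/dev/null
  status=$?
  rm -rf "$dir"
  return "$status"
}
demo && echo "round trip ok"
```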
