On Wed, Aug 16, 2017 at 02:24:15PM -0300, Esteban A. Maringolo wrote:
> My solution in the cases where I was worried about a config file leak
> was to mitigate the risk, by using symmetric encryption algorithms,
> where the shared secret is split in two different strings and
> concatenated at runtime. The image, in turn holds the encryption key

Take a look at SpsSplitPasswordStore, which is a simple secret splitter.

  http://ss3.gemtalksystems.com/ss/SpsSplitPasswordStore.html/
  http://samadhiweb.com/blog/2013.08.11.splitpasswordstore.html

Can be adapted to encrypt/decrypt the secret, with the cipher key also
split, perhaps with one part stored in the image and another part fetched
online from somewhere.

I haven't touched the code in a while, but the Pharo 5 image that runs my
blog is using this for the RFBServer passwords.

Pierce
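
The key-splitting idea discussed in this thread, as an added example in Python that is not part of the original message and is not SpsSplitPasswordStore's code. The XOR split, the key check tag and all function names are assumptions made for illustration; one share stands for the part kept in the image and the other for the part fetched from elsewhere.

```python
import hashlib
import hmac
import secrets
from typing import Tuple


def split_secret(secret: bytes) -> Tuple[bytes, bytes]:
    """Split a secret into two shares; each share alone is uniformly random."""
    if not secret:
        raise ValueError("empty secret")
    pad = secrets.token_bytes(len(secret))              # share 1: random pad
    masked = bytes(s ^ p for s, p in zip(secret, pad))  # share 2: secret XOR pad
    return pad, masked


def check_value(key: bytes) -> bytes:
    """Short tag stored beside a share so a bad recombination is detected."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def combine_shares(share_a: bytes, share_b: bytes, expected_tag: bytes) -> bytes:
    """Rebuild the key at runtime; refuse shares that do not belong together."""
    if len(share_a) != len(share_b):
        raise ValueError("share length mismatch")
    key = bytes(a ^ b for a, b in zip(share_a, share_b))
    if not hmac.compare_digest(check_value(key), expected_tag):
        raise ValueError("shares do not recombine to the expected key")
    return key


def demo() -> Tuple[bytes, bytes, bytes, bytes]:
    """Constructed sample: a random 32-byte cipher key split into two shares."""
    key = secrets.token_bytes(32)
    image_share, remote_share = split_secret(key)  # hypothetical storage roles
    return key, image_share, remote_share, check_value(key)


if __name__ == "__main__":
    key, image_share, remote_share, tag = demo()
    print("recombined ok:", combine_shares(image_share, remote_share, tag) == key)
```

A leaked config file holding only one share reveals nothing about the key; the protection ends as soon as both shares can be read from the same place.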