On Wed, Aug 16, 2017 at 02:24:15PM -0300, Esteban A. Maringolo wrote:
> My solution in the cases where I was worried about a config file leak
> was to mitigate the risk, by using symmetric encryption algorithms,
> where the shared secret is split in two different strings and
> concatenated at
I am clueless when it comes to encryption and safety, so as you would
expect I will offer my opinion on this.
I do not think that encryption from the side of Pharo would be a good idea
because having the image you have access to everything. Including any kind
of context even if it's not stored in a
Todd, I think you are right, I can't get around it - I need to pass something
from my live environment (where it's kept encrypted) into my image.
I can however potentially simplify the setup by passing a single key that I can
use to unlock a PasswordVault in my image and it can have multiple
I do a lot of deployments on AWS elastic beanstalks.
I put the credentials into environment variables on the beanstalk.
When running locally, the credentials are in the environment on my machine.
> On Aug 16, 2017, at 9:55 AM, Tim Mackinnon wrote:
>
> Hi - I’m struggling to
Apologies for top quoting; there isn't any single place which seemed
appropriate.
A colleague of mine who worked for a Swiss bank (they take security
seriously) addressed this by NOT keeping the credentials in the image.
1. Set up a distinct user intended solely for running the application.
2.
2017-08-16 13:55 GMT-03:00 Tim Mackinnon:
> ./pharo Pharo.image eval "(ByteString allInstances)"
>
> I think you would ultimately find those strings unless the Class encrypts
> them in some way, right?
>
> So I’m wondering why we don’t have an EncryptedString object for just this
Hi - I’m struggling to find something that I saw that discussed this issue kind
of.
In my image (it's actually a headless one - but this could apply to a fat image
too) - I build an application that needs access to a service (in this case an
S3 bucket).
The AWS library I’m using (but others