
Proper way to handle encrypted passwords in deployment process.

I have an encrypted data file which stores credentials for an environment - these credentials are used as part of an automated scripted deployment solution. Basically, a process runs a number of scripts/installers to configure a Windows environment. If one of these scripts/applications needs a password, a 'middle-man' application is called with an 'action' parameter, which will then call the target application directly and pass in the decrypted username/password pairs.

The idea behind this is that the 'middle-man' application will be the only tool capable of decrypting the password and will then only be able to run a defined set of commands using these passwords. By defining the exact commands that can be run and passed a secure parameter, I can ensure no passwords are logged and that the "middle-man" application cannot be used in an improper way...

Hopefully that makes sense... The question here is: is there a better way of doing this? It seems like a very over-engineered solution, which requires rewrites of the "middle-man" application every time a new action is needed in the installation process which requires a password.

Any ideas appreciated.
Asked by: Blowfelt82

2 Solutions

AndyAinscow (Freelance programmer / Consultant) Commented:
A possible alternative would be that the 'middle man' app does everything from an encrypted script.
In other words, you create a script with all the commands and necessary login info. The app reads the script, decrypts it and performs the actions, passing username/password when supplied in the script.

If you need to modify anything, then just create a new script, encrypt it and pass that to whoever needs it.
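One way to keep the question's fixed set of allowed commands without rebuilding the 'middle-man' for every new action is to hold the actions as data, as the script-driven suggestion above implies. The following is an added example, not code posted by anyone in this thread. The names `ACTIONS`, `run_action`, `DEPLOY_USER` and `DEPLOY_PASSWORD`, the stand-in child command and the sample credentials are all assumptions; it also assumes the credential file has already been decrypted and that the target can read the secret from its environment.

```python
import logging
import os
import subprocess
import sys

log = logging.getLogger("broker")

# Action manifest (hypothetical). Each entry fixes the program, its arguments and
# the credential it may receive. A new action is a new entry, not new broker code.
# The child here is a constructed stand-in for an installer that echoes its input.
ACTIONS = {
    "create-db-login": {
        "argv": [sys.executable, "-c",
                 "import os; print('connecting as', os.environ['DEPLOY_USER'],"
                 " os.environ['DEPLOY_PASSWORD'])"],
        "credential": "sql-admin",
    },
}

# Constructed sample: stands for the credential file after the broker decrypted it.
SAMPLE_CREDENTIALS = {"sql-admin": ("svc_deploy", "Constructed-Pa55word")}


def redact(text, secrets):
    """Replace every occurrence of a secret before text is logged or returned."""
    for secret in secrets:
        if secret:
            text = text.replace(secret, "***")
    return text


def run_action(name, credentials):
    """Run one allowlisted action; return (exit code, redacted output)."""
    action = ACTIONS.get(name)
    if action is None:
        raise PermissionError(f"action not allowed: {name!r}")
    user, password = credentials[action["credential"]]
    # Assumption: the target reads the secret from its environment, so it never
    # appears in the argv that process listings and audit logs record.
    env = dict(os.environ, DEPLOY_USER=user, DEPLOY_PASSWORD=password)
    log.info("action %s: %s", name, action["argv"])  # argv holds no secrets
    proc = subprocess.run(action["argv"], env=env, capture_output=True, text=True)
    output = redact(proc.stdout + proc.stderr, [password])
    log.info("action %s exited %d", name, proc.returncode)
    return proc.returncode, output


if __name__ == "__main__":
    print(run_action("create-db-login", SAMPLE_CREDENTIALS))
```

If the manifest is loaded from a file instead of being compiled in, it needs the same protection as the credential file, since whoever can edit it decides what runs with the decrypted passwords.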
 
sarabande Commented:
Perhaps you could use the standard encryption/decryption using a public and private key-pair.

Your app would have the public key of each receiver and encrypts the scripts to pass to the receivers by using the corresponding public key. Then the app sends the encrypted script to the receiver. The receiver receives the encrypted script and decrypts it using its private key. Then the script could be performed at the receiver's computer.

Sara
 
sarabande Commented:
There was no response but the Author asked for 'ideas' which were given by both the comments.

Sara
Question has a verified solution.
