Where to store security credentials (aka passwords) for special cron jobs?

2

1

I want to write a cron job that authenticates for a certain mail account. As there are multiple ways in giving the script those credentails: config file, hardcoded in script, arguments in cronjob call,.. Where do I put those credentials?

(Currently I would favor as giving them the script via arguments as the script is then independent. But is that secure?)

Thanks for your thoughts.

math

Posted 2012-05-03T11:04:53.117

Reputation: 2 376

Answers

2

Put the credentials into a file that has restricted read access.

Unless your cron tables already have similarly restricted read access. As grawity noted, putting the credentials into the crontab can result in them leaking to logs and/or email. Thus, it should be strongly discouraged and they should be properly protected inside a file.

Der Hochstapler

Posted 2012-05-03T11:04:53.117

Reputation: 77 228

4Don't put them in the crontab itself; all cron jobs are logged in syslog and can sometimes be sent by email. – user1686 – 2012-05-03T11:17:12.240

@grawity: Ahh, yes as you have written this I remember some weekly cronjob mails. – math – 2012-05-03T11:19:44.207

Asked: 2012-05-03T11:04:53.117

Viewed: 1 466 times

Active: 2012-05-03T11:22:06.210