Is there a way to encrypt .env file without breaking igm app ?
Closed this issue · 3 comments
I am worried that all my credentials are written clear in the .env file.
Can I encrypt or protect that file and keep igm working properly? How?
Appreciate that having clear text credentials are never great. It's the same as setting environment variables as well really.
As long as your home directory is secured with the correct chmod access permission restricted to the current user then you should be fine.
Again if your host is already compromised then really nothing on the system is safe, this includes accessing the system as root user. You can basically bypass all permissions.
It's possible to add a solution to the tool to encrypt and decrypt the credential file but that would require adding a new module specifically for handling that. Additionally it may also require you to enter the master password in order for the decryption to happen so that IGM can then later parse it to the applications. This might be an annoyance having to provide this every time you want to redeploy etc.
If you're really that concerned, you can actually encrypt the file yourself and when you want to use the tool again for redeployment etc, you'd first need to decrypt the file back to the original state for the tool to use. That's also an option, but it would require you to do the de/encrypt yourself.
de/encrypt myself is totally fine. Thx
I close the ticket