[Pharo-dev] Bloc: Safe to Store SSH Passphrase in Pharo?

Tim Mackinnon tim at testit.works
Thu Aug 31 07:36:26 EDT 2017


To further her add to what Peter is saying - in GitLab you can add secret variables (which are encrypted) and can be referenced only during the build process.

So you can call your image with the value of one of these variables. Which is fine if you don't persist the value.

I'm wondering if we have a concept of "transient" variables that don't persist on image save? Then iceberg could use one of those, and expect you to pass that value through on the command line of Pharo?  I was toying with the idea of having an encrypted vault in my image (to hold multiple values for convenience) and I would then pass an unlock value on the command line - but I would need some way to ensure that value isn't persisted? Is this where a plugin might help? Something to save a value transiently only during image execution?

Tim

Sent from my iPhone

On 31 Aug 2017, at 12:52, Peter Uhnák <i.uhnak at gmail.com> wrote:

>> So you do not put passphrases on your ssh keys?
> 
> Not always.
>  
>> Because you don't give the private key away why protect it? So imagine you have development process that includes a jenkins that needs to build the source and therefor needs access to the repository. What do you do?
> 
> I give it a password-less ssh key, encrypted in some manner. (I do not know what Jenkins offers, but both Travis and GitLab(Runner) support file/data encryption.)
> Adding the build server a password on top of the key would make no difference. If you have access to one, you have the access to the other.
> 
> Peter
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pharo.org/pipermail/pharo-dev_lists.pharo.org/attachments/20170831/cebc2d98/attachment.html>


More information about the Pharo-dev mailing list