Ok, after sharing this problem with fellow security-aware engineers, it turns out that this question is actually two-fold:
How to configure my app without putting the secret in the code?
How to store the secret?
The first question has an easy answer: putting secrets in the environment is considered best practice (cf. http://12factor.net/config).
The answer to the second question is essentially another question: What is the threat model? My own reasoning: What would it take to get the passphrase? Be root. Can I prevent anything if the person is root? No, root can fetch anything in memory. Root can steal the data processed by the python program before it even gets processed. The next threat model is somebody who gets access as a non-root user. I can prevent these users from reading the passphrase if I store it in a file with proper access rights.
So what I will do is to replace:
read -s -p "passphrase :" passphrase
and set the file to belong to root and be non-readable otherwise. I will update this answer if this does not work.
Asked in February 2016 · Viewed 3,103 times · Voted 13 · Answered 1 time
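One way to put the two parts of the answer together (added example, not code from the answer above): a wrapper that reads the passphrase from a root-owned file instead of prompting with `read -s -p`, refuses to use the file if its mode grants anything to group or others, and passes the value to the application through the environment. The file path `/etc/myapp/passphrase`, the variable name `PASSPHRASE` and the `python3 app.py` invocation are assumptions for illustration. Note that a process's environment is readable by the same user (and by root) through `/proc/<pid>/environ`, so the environment only matches, and does not improve on, the file's access rights.

```shell
#!/bin/sh
# Added example, not part of the original answer.
# Assumed setup, done once as root:
#   chown root: /etc/myapp/passphrase && chmod 600 /etc/myapp/passphrase
# The wrapper itself must then run as root (e.g. under sudo) to read the file.

# Print the passphrase stored in the file $1 on stdout. Fail if the file is
# missing, empty, or readable/writable by group or others.
load_passphrase() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    # Columns 5-10 of `ls -ld` output are the group and other permission bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "refusing $f: group/other bits set ($perms)" >&2; return 1; }
    # Read only the first line; tolerate a file without a trailing newline.
    IFS= read -r secret < "$f" || [ -n "$secret" ] || { echo "empty file: $f" >&2; return 1; }
    printf '%s' "$secret"
    unset secret
}

# Run the given command with the passphrase from file $1 exported as
# PASSPHRASE (assumed variable name) in that command's environment only.
# Usage: run_with_secret /etc/myapp/passphrase python3 app.py
run_with_secret() {
    file="$1"; shift
    PASSPHRASE=$(load_passphrase "$file") || return 1
    PASSPHRASE="$PASSPHRASE" "$@"
}
```

The mode check is deliberately done by the reader rather than trusted to the deployment step: if someone later loosens the file with `chmod 644`, the wrapper stops and reports it instead of silently continuing with a secret that every local user can now read.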