Twitter keys ENV variables about tiny-care-terminal HOT 11 CLOSED

I did not managed to test it on FreeBSD, recent Ubuntu/CentOS seems not have this problem anymore.

Anyway, env variables are terrible - they leak everywhere - cronjobs, child shellscripts, etc. Also you cannot change them without restarting process. but anyway, this is out of scope of this ticket.

from tiny-care-terminal.

Without looking further - storing any secure information in ENV variables is bad. They are visible with 'ps' command to every other user on the computer.

Secure way is to store them in the file and pass file name in ENV variable.

from tiny-care-terminal.

@gasparch It seems ridiculous. See. Any PoC? E.g.

ps eww [pid]

from tiny-care-terminal.

I need to re-check my beliefs about ENV on different OSes. Back in time it was insecure way of storing info.

Also Linux is not only Unix/Unixlike OS to exist in the world :)))

from tiny-care-terminal.

@gasparch

Also Linux is not only Unix/Unixlike OS to exist in the world :)))

Agree. I would like to have some PoCs under other OSs. But I doubt that would be the responsibility of OSs. Not applications. Disclaimer: I'm a fan of The Twelve-Factor App

from tiny-care-terminal.

@andreicek i had originally kind of left them vague like that in case you set twitter keys for a different project. im worried if i change them now, people's stuff will break :(

from tiny-care-terminal.

@notwaldorf Tag a new version maybe?

from tiny-care-terminal.

after installing this from npm, how do i set the env variables ?

from tiny-care-terminal.

@robophil I've added some instructions here: https://github.com/notwaldorf/tiny-care-terminal/blob/master/README.md#setting-the-environment-variables

It really depends on what you're using :(

from tiny-care-terminal.

Fixed in b8ead55

from tiny-care-terminal.

Thanks @notwaldorf I'll check it out

from tiny-care-terminal.