Configure Your Cloud Service

API keys, passwords, etc. How do we store and pass these data to our cloud service?

Store them with code and manage them by a revision control system? Not a good idea.

How about environment variables? The twelve-factor app recommends this. The MySQL End-User Guidelines for Password Security advise against it. My view was that, since on reasonably recent Unix systems environment variables are only readable by the user (euid) running the process, it is fine to use environment variables, until Shellshock made me uneasy about using them. I am not worried about an attacker stealing the contents of environment variables, but I am worried that we might give an attacker an opportunity to exploit Shellshock. To prevent this, we will need to…

  • Sanitize environment variables,
  • Remove unrecognized environment variables, and
  • Make sure that bash is patched.

However, it is hard to get these countermeasures right, particularly because environments are “implicit” by default.

Plain old files are arguably the safest, and not the least convenient, method so far. We will deploy config.txt the same way we deploy my-server, and we may now remove all environment variables before we start a new process.

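# Start my-server from a shell with an empty environment...
env - my-server --config /path/to/config.txt
# ...or launch it as a sub-process from Python with an empty environment
# (args.config holds the parsed path to config.txt).
import subprocess
subprocess.Popen(
    ['my-server', '--config', args.config], env={})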
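When a child process does need a few variables, the first two countermeasures listed above (sanitize, and remove what is unrecognized) can be made explicit with an allowlist instead of an empty environment. The following is an added example, not code from the original post; the allowlist, its patterns, the helper names and the sample environment are assumptions constructed for illustration.

```python
import json
import re
import subprocess
import sys

# Hypothetical allowlist: variable name -> pattern the whole value must match.
ALLOWED = {
    "PATH": re.compile(r"[A-Za-z0-9_./:-]+"),
    "LANG": re.compile(r"[A-Za-z0-9_.@-]+"),
    "TZ": re.compile(r"[A-Za-z0-9_/+-]+"),
}

def build_child_env(parent_env, allowed=ALLOWED):
    """Return (env, dropped): allowlisted names with well-formed values only."""
    env, dropped = {}, []
    for name, value in parent_env.items():
        pattern = allowed.get(name)
        # Unrecognized names are removed. A value that fails its pattern, such
        # as a bash function definition "() { ...", is removed, not repaired.
        if pattern is None or not pattern.fullmatch(value):
            dropped.append(name)
        else:
            env[name] = value
    return env, sorted(dropped)

def child_view(env, names):
    """Start a child with exactly `env` and report which `names` it can see."""
    code = ("import json, os, sys;"
            "print(json.dumps({n: os.environ.get(n) for n in sys.argv[1:]}))")
    out = subprocess.run([sys.executable, "-c", code, *names], env=env,
                         capture_output=True, text=True, check=True)
    return json.loads(out.stdout)

# Constructed parent environment for the demonstration.
SAMPLE_PARENT = {
    "PATH": "/usr/local/bin:/usr/bin:/bin",
    "LANG": "en_US.UTF-8",
    "API_KEY": "constructed-secret",   # a secret: belongs in config.txt
    "HTTP_USER_AGENT": "() { :; }",    # unrecognized name
    "TZ": "() { :; }",                 # allowlisted name, malformed value
}

if __name__ == "__main__":
    env, dropped = build_child_env(SAMPLE_PARENT)
    print("passed to child:", env)
    print("dropped:", dropped)
    print("child sees:", child_view(env, list(SAMPLE_PARENT)))
```

Logging the dropped names (never their values) makes the otherwise implicit environment visible at each process boundary.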

Oh, by the way, CoreOS etcd looks promising.

This blog by Che-Liang Chiou is licensed under a Creative Commons Attribution 4.0 International License.