From: "Pat Maddox"
To: freebsd-ports@freebsd.org
Subject: Where to store configurable secrets? In group-readable etc/app.conf ?
Date: Wed, 18 May 2022 01:26:56 -0700
List-Id: Porting software to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-ports

I am working on an app that reads database credentials from DATABASE_URL env var. I've got an rc script that starts it up fine. I want to double-check how I should be configuring it: I have put it in /usr/local/etc/myapp.conf chmod 770.

Is that right, or is there some other mechanism for setting secret env vars for rc scripts?

Pat
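
An added example, not part of the original message: a POSIX shell check of the permission bits on a file that holds a secret such as DATABASE_URL. The 0640 ceiling is an assumed policy, the function names are hypothetical, and the sample file and its credential are constructed.

```sh
#!/bin/sh
# Added example, not from the post. Assumed policy: a file holding secrets
# should carry no permission bits beyond 0640 (owner rw, group r).

# Print the octal permission bits of $1 (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Print one finding per line. Return 0 if the mode meets the assumed policy,
# 1 if it does not, 2 if the file cannot be inspected.
audit_secret_conf() {
    mode=$(file_mode "$1") || return 2
    bits=$((0$mode))            # read the digits as an octal number
    rc=0
    if [ $((bits & 0007)) -ne 0 ]; then
        echo "$1: mode $mode gives users outside owner and group access"; rc=1
    fi
    if [ $((bits & 0020)) -ne 0 ]; then
        echo "$1: mode $mode lets the group rewrite the secret"; rc=1
    fi
    if [ $((bits & 0111)) -ne 0 ]; then
        echo "$1: mode $mode sets execute bits on a data file"; rc=1
    fi
    return $rc
}

# Constructed sample: a throwaway file with the mode from the post, then 0640.
demo=$(mktemp)
printf 'DATABASE_URL=postgres://myapp:CONSTRUCTED@localhost/myapp\n' > "$demo"
chmod 770 "$demo"
audit_secret_conf "$demo" || true   # reports group write and execute bits
chmod 640 "$demo"
audit_secret_conf "$demo" && echo "$demo: mode 640 meets the assumed policy"
rm -f "$demo"
```

Mode 770 keeps other users out; what the check reports for it is the group write bit and the execute bits.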