如何使用敏感数据运行cron作业？ [英] How to run cron jobs with sensitive data?

问题描述

我阅读了在哪里可以设置环境变量crontab将使用？关于如何为cron运行的脚本设置ENV变量。

I read Where can I set environment variables that crontab will use? about how to set ENV variables for my scripts running by cron.

最明显且可行的解决方案是将变量放在crontab之上计划文件，例如：

The most obvious and working solution is to put variables on top of crontab schedule file like this:

MYVAR=something
* * * * * /somescript.sh

在我希望我的脚本使用敏感值（例如登录名/密码）登录之前，这似乎很好一个数据库进行转储。

This seems to be fine until I want my script to use sensitive values like login/password to login to, e.g. a database to make a dump.

我该如何确保这些数据的安全性并仍然能够将其发送到由cron运行的脚本中？

How do I keep this data safe and still being able to send it to my scripts that are ran by cron?

推荐答案

我看到这个问题与脚本和密码/帐户管理有关，这仍然是一个开放主题，据我所知没有解决此问题的简单方法。只需将凭据存储在单独的文件中，然后通过脚本加载即可。限制凭据访问该文件（仅root）。如果您要访问的服务已经安装了某种负载系统，例如〜/ .mysqlrc ，则可以直接使用它来访问该服务。

I see this questions is related to the scripts and password/account management in general, which is kind of open topic still and to my knowledge there is no "simple" way to solve this. Just storing the credentials in a separate file that you would load then through the script. Limiting the credentials access to that file (i.e. root only). If the service you trying to access already has some kind of load system in place, like ~/.mysqlrc, you could make use of that directly to access the service.

更多信息可以在这里找到： https://unix.stackexchange.com/questions/212329/hiding-password-in-shell-scripts

More info can be found here: https://unix.stackexchange.com/questions/212329/hiding-password-in-shell-scripts

这篇关于如何使用敏感数据运行cron作业？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！