-1

I have a batch job which should run as cron job on a Linux server. This job requires some credentials to do it's work. Idealy I don't want to have that kind of credentials stored on my server, but obviously I have to.

Beside giving only the batch job user read access to the file holding the credentials: Are there other tricks, techniques, ... to make such a scenario more secure? How do you store for example private keys required by batch jobs?

Achim
  • 149
  • 1
  • 7
  • What sort of credentials does it need? If the cron script runs as root, it's secure enough to store the private key (with proper permissions) under root's folder (in the case of an SSH/SCP connection). Of course, it's only as secure as the box itself. – Nathan C Nov 12 '13 at 19:39
  • It needs the access key for AWS to start an EC2 instance. I would prefer to let the job run not as root, but as a dedicated user for just this job. – Achim Nov 12 '13 at 20:13

1 Answers1

1

It's not a general answer, but an answer to my problem. My use case was to allow jobs to start EC2 instances. Amazon provides functionality to allow jobs on specific instances to access AWS functionality without storing credentials on the instance itself: http://docs.aws.amazon.com/IAM/latest/UserGuide/role-usecase-ec2app.html

Achim
  • 149
  • 1
  • 7
  • 1
    I'm glad you've found an answer, but if you'd been more specific in your question you'd probably have got an answer much sooner. – MadHatter Nov 18 '13 at 11:06