0

I have a web application that is designed to be deployed to a dedicated host for each of my customers. In order to manage secret keys, customer-specific credentials, etc. in a secure way, I've turned to environment variables.

Where should I define environment variables in production?

I am aware of several possibilities: /etc/profile, ~/.bashrc, and similar files load up when a terminal session is started; I haven't gone with these because I don't know if it is considered a best practice to do so. I've tried storing them in the systemd config for my application, but this only makes them available for the main process, so migrating databases when code changes are deployed doesn't work so well. I'm aware of several tools that seem to "magically" handle environment variables for you, but let's assume I'm not using one of those; I want to handle these in my own install and deployment scripts manually. I'm also interested in keeping secret things secret, so the security of where environment variables are stored is also an issue for me.

Adam
  • 223
  • 2
  • 7
  • Who should be allowed to have access to which environment variables? – Michael Hampton Dec 29 '16 at 23:55
  • Only the server's root user should have access to any of them outside of the main application, which runs as a non-root user in the www-data group. – Adam Dec 30 '16 at 00:10

1 Answers1

1

I suggest putting environment variables in or more files under /etc/profile.d/*.sh. For example, /etc/profile.d/app.sh. Easier to push out when you control the entire file, and automatically sourced by login shells on Debian and Red Hat.

Owned by root, group www-data, and no read by others will restrict read access to the files. Know that on Linux environment variables are visible via /proc//environ however only to the process owner and root.

You may wish to further restrict additional profile files, for passwords or other sensitive data. Perhaps call it /etc/profile.d/appsecret.sh.

John Mahowald
  • 32,050
  • 2
  • 19
  • 34