
Are there any specific methods for hiding keys that are required for installing packages? I want to use Chocolatey to install an application to several servers. The installation command requires that a secret key be used for installation.

chocolateyinstall.ps1 contains:

....
$silentArgs = '/S /V" /qn SECRETKEY=555444333"'

After the package is installed on the Windows server, Chocolatey leaves the chocolateyinstall.ps1 file on the computer. This contains the secret key that is used for installation. Are there any particular methods for hiding this key? I don't want users to be able to view this key. Should I script out a command to delete the chocolateyinstall.ps1 file or is that file used for updating software?

Kade Williams

1 Answer


In the open source version your options are limited. A couple of suggestions that spring to mind:

  1. Create a package parameter and pass the secret key to the package that way;

  2. Create an environment variable on each server with the key and in your chocolateyInstall.ps1 reference that variable (and write some code around sanity checking it);

  3. Use a vault of some flavour to hold the keys in there and pull them out in the chocolateyInstall.ps1;

  4. Depending on which user Chocolatey is running under you may be able to use Windows DPAPI to securely hold the key;

The disadvantage of all of these is that if logging is turned on, the secret key will still be available in the logs.

In Chocolatey For Business there is --package-parameters-sensitive which does not log parameters that are passed using it:

--package-parameters-sensitive=VALUE
     PackageParametersSensitive - Package Parameters to pass the package that
       are sensitive and you do not want logged. Defaults to unspecified.
       Available in 0.10.1+. [Licensed editions](https://chocolatey.org/compare) only.
pauby
  • Thanks, I was able to do it via a package parameter. Were you referring to Windows logging or is there a Chocolatey logging option? – Kade Williams May 25 '20 at 18:31
  • Chocolatey logging. You will find the Chocolatey logs in `$env:ChocolateyInstall\logs`. – pauby May 27 '20 at 10:57
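Added example, not code from the question or the answer: a chocolateyInstall.ps1 that combines suggestions 1 and 2 above, reading the key from a package parameter (via Chocolatey's Get-PackageParameters helper, available in 0.10.8+) and falling back to a per-server environment variable, with the sanity checking the answer mentions. The parameter name `/SecretKey`, the variable `APP_SECRETKEY` and the embedded `setup.exe` are assumptions.

```powershell
# Added example: keep the secret out of the package file itself.
$ErrorActionPreference = 'Stop'
$toolsDir = Split-Path -Parent $MyInvocation.MyCommand.Definition

# Get-PackageParameters (Chocolatey 0.10.8+) parses
#   choco install <pkg> --params "'/SecretKey:<value>'"
# into a hashtable. Parameter name /SecretKey is assumed.
$pp = Get-PackageParameters
$secretKey = $pp['SecretKey']

if (-not $secretKey) {
    # Fallback: a machine-level environment variable set on each server
    # (name APP_SECRETKEY is assumed).
    $secretKey = $env:APP_SECRETKEY
}

# Sanity checks: the key must be present and contain only the characters
# a product key is expected to have, so it cannot inject extra installer switches.
if ([string]::IsNullOrWhiteSpace($secretKey)) {
    throw "No secret key supplied. Pass --params ""'/SecretKey:<value>'"" or set APP_SECRETKEY."
}
if ($secretKey -notmatch '^[A-Za-z0-9-]+$') {
    throw 'Secret key contains unexpected characters; refusing to build the install command.'
}

$packageArgs = @{
    packageName    = $env:ChocolateyPackageName
    fileType       = 'exe'
    file           = Join-Path $toolsDir 'setup.exe'   # assumed embedded installer
    # The key only ever appears in the arguments handed to the installer;
    # it is never written with Write-Host or echoed back to the user.
    silentArgs     = "/S /V`" /qn SECRETKEY=$secretKey`""
    validExitCodes = @(0)
}
Install-ChocolateyInstallPackage @packageArgs
```

As the answer notes, Chocolatey's own logs under `$env:ChocolateyInstall\logs` may still record the install arguments, so restrict access to that directory or use the licensed `--package-parameters-sensitive` option.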