Can bcrypt or any other kind of crypto be used across multiple machines/applications?

- Content updated: 2016-02-01



So I want to store a password in a config file that can be shared across my servers/applications. I have never used a hashing algorithm like bcrypt in this manner, but I have 3 applications I want to use the same password for. I really don't want to store the password in plain text (as it will just be out on the company network drive) so what are my options?


(Original: What do you want to do with the password? Bcrypt doesn't support decryption if that's what you're asking.)


(Original: @ArtjomB. I'm storing a set of user's credentials in the config so when the applications have to access third party software, they have the credentials to use.)


(Original: Then you have to use actual encryption. Basically, anything that can decrypt. I can't assess if you need symmetric or asymmetric crypto from the provided requirements. Either way, I have the suspicion that anything you do will only be obfuscation.)


(Original: @ArtjomB. obfuscation is probably ok for these purposes. I just need something that will keep from storing a password in plain-text in the file. I'm used to using bcrypt but I've never used it across different applications so I wanted to make sure it would work in this case (which it doesn't look like it will). What do you suggest I look into?)


(Original: Use symmetric crypto for the secrets. Store the key for the symmetric crypto in a private place such as a shell script with restrictive permissions; that script sets an environment variable with the key. The app reads that environment variable and uses it to decrypt the secrets. You may also want to add a way (such as a rake task) to encrypt a secret; that task can be used to encrypt secrets, the encrypted secret then being pasted into the config file or wherever. You probably want to use base64 or some other suitable method to translate the nominally binary key, iv, and ciphertext.)
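
The scheme described in the last comment, as an added Ruby example that is not part of the original thread. It assumes AES-256-GCM as the symmetric cipher (so an authentication tag travels with the IV and ciphertext) and a hypothetical environment variable name `CONFIG_SECRET_KEY`; the function names are also illustrative.

```ruby
require 'openssl'
require 'base64'

KEY_ENV = 'CONFIG_SECRET_KEY' # assumed name; set by the permission-restricted script

# Read the base64-encoded key from the environment (or any Hash-like object).
def load_key(env = ENV)
  raw = Base64.strict_decode64(env.fetch(KEY_ENV))
  raise ArgumentError, 'key must be 32 bytes' unless raw.bytesize == 32
  raw
end

# Returns "iv.tag.ciphertext", each part base64, ready to paste into a config file.
def encrypt_secret(plaintext, key)
  raise ArgumentError, 'empty secret' if plaintext.empty?
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv # fresh 12-byte IV for every secret; never reuse with one key
  cipher.auth_data = ''
  ct = cipher.update(plaintext) + cipher.final
  [iv, cipher.auth_tag, ct].map { |part| Base64.strict_encode64(part) }.join('.')
end

# Raises OpenSSL::Cipher::CipherError if the key is wrong or the value was altered.
def decrypt_secret(token, key)
  parts = token.split('.')
  raise ArgumentError, 'malformed token' unless parts.size == 3
  iv, tag, ct = parts.map { |part| Base64.strict_decode64(part) }
  # Ruby's OpenSSL accepts truncated tags, so enforce the full 16 bytes here.
  raise ArgumentError, 'bad tag length' unless tag.bytesize == 16
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = ''
  (cipher.update(ct) + cipher.final).force_encoding(Encoding::UTF_8)
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32) # constructed key; an app would call load_key
  token = encrypt_secret('constructed-password', key)
  puts token, decrypt_secret(token, key)
end
```

Anyone who can read both the config file and the key script can recover the secrets, so the file permissions on the key are what actually protect them.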