From owner-freebsd-questions@freebsd.org Wed Sep 5 00:52:01 2018
From: Alejandro Imass
Date: Tue, 4 Sep 2018 20:51:49 -0400
Subject: Credentials/keychain/keystore for server applications on FreeBSD?
To: FreeBSD Questions

Hi,

Are there any tools that can store application credentials in encrypted form and then provide them to applications in a secure manner at runtime?

I’m looking for a generic tool that provides some sort of protocol with timeouts etc. For example, a server application needs user and password for database access and can query this tool for them on startup exactly one time. Maybe the tool could control the number of times it gives out the credentials or timeout after a certain period (e.g. 2 minutes after reboot). Then would require authentication to open up the vault again.

There must be a better way of managing all the disparate credentials that several applications may need in a secure way instead of storing these credentials in clear text in some config file which is what most people do... maybe something like the JKS but generic to any type of app with some relatively secure protocol.

TIA for any pointers or ideas.

Alex