From owner-freebsd-questions@freebsd.org Wed Sep 5 02:47:55 2018 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0152FFDAF79 for ; Wed, 5 Sep 2018 02:47:55 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: from mail-ua1-x92b.google.com (mail-ua1-x92b.google.com [IPv6:2607:f8b0:4864:20::92b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7DB798D24E for ; Wed, 5 Sep 2018 02:47:54 +0000 (UTC) (envelope-from aimass@yabarana.com) Received: by mail-ua1-x92b.google.com with SMTP id r15-v6so4633115uao.1 for ; Tue, 04 Sep 2018 19:47:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yabarana-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=K3tTzxQSgnM5YdTwpvR29suf8F/f2H20aNcQAzC5hp0=; b=RBT/W7ocBy96F2RXg/6Wy4P8HyyyK3UGKDsJ8YL/oMF60+ryrDVJIOlai/LBB09N/J JUGhsakZvcH5OsyAIzcCwp9+/kHCDHRrQefaz3Y2/nukjy76Uc1UFQcjB/vSpFSaGf9m avgFTk3kq7F50s9Mqaw2+i2DMvUHj8l3wgogU8Do8oZ9u+JyT7BeT6WspU8HbDu3PeeF JWDNLZzXf49NIWC6QoIgJWcK1OJDPwg67Q9DFanp21FSJbvbqrbcBhWL4FnmLBeeLAGz SNi4me93EPmG3neQot0hufiha5+9Tc3MjV8+lon8gek+M/JWUgHE5vYdbDei5sqtV1ea Uuag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=K3tTzxQSgnM5YdTwpvR29suf8F/f2H20aNcQAzC5hp0=; b=KnSCGgaIT8+E1ZIzlLcUCurKX+vD4gSHezXLoW3EGUqiCcGp2AE5vb7il8K0DrhC2h miRWtCN0Q3lrUkHfaFpJghyTsp5PqffXCcnxMVCPKBznrxAYOwiFoehBhk2ZLghYv7gi UYCx67Q1WZsTJYnyvYE1it79faV5MNvWFNUKL2YaO9HNB6p7i76EDSo54WhusBFQBBPr kRJCE/Estz4z6cLzcpHtsRtGmYpvZnDjbUAw22ARms3OpQS6R5AYjRE6DbkzW9L7drJj 1eY/N3zbl7WGez/wT+4w4FjTE//SiPhVjMd8E+ovmpMXuPRxg7hzlz+VEMbGLjzVWdHZ gCWg== X-Gm-Message-State: APzg51ANcVisyd4Ct0JMbKZwg9+PVSsBXAAYvVke1Cv2eIzfg4Quu4F9 fQ//k8Psiztvsjhbng66kxzT7X+GSWIMh0grgIGAog== X-Google-Smtp-Source: ANB0VdYWsSIFpabZnXKS5Q6fgRUsvbWOfetExntv0mBGUfNK0FBmxAhVkL9IwVDZ0PslBd0qNr7Ti/c9gcnpkBAGhf8= X-Received: by 2002:ab0:49e2:: with SMTP id f31-v6mr20148761uad.117.1536115673796; Tue, 04 Sep 2018 19:47:53 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a67:7b42:0:0:0:0:0 with HTTP; Tue, 4 Sep 2018 19:47:53 -0700 (PDT) In-Reply-To: References: From: Alejandro Imass Date: Tue, 4 Sep 2018 22:47:53 -0400 Message-ID: Subject: Re: Credentials/keychain/keystore for server applications on FreeBSD? To: Outback Dingo Cc: FreeBSD Questions Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Sep 2018 02:47:55 -0000 On Tue, Sep 4, 2018 at 9:15 PM, Outback Dingo wrote: > On Wed, Sep 5, 2018 at 2:53 AM Alejandro Imass wrote: >> >> Hi, >> >> Are there any tools that can store application credentials in encrypted >> form and then provide them to applications in a secure manner at runtime ? >> [...] > > hashicorps vault is in ports > > https://www.vaultproject.io/ > Wow, nailed it !! I was thinking along the lines of the JSK and Amazon's KMS but I knew there must be something better or at least better suited for this particular task. I found this very interesting: https://www.vaultproject.io/intro/vs/kms.html Vault seems almost exactly what I was looking for! Thank you very much !!! Best, Alex