
Env vars in systemd or supervisor files are fine for small server projects. But make sure you pop them from the os.environ dict once you read them to avoid accidental exposure.

For the desktop, use the keyring module.

If you start to scale up your threat model, you should use a vault, but the setup is way more costly, and tricky to get the reboot story right (hence the privileged first requests comments).



> But make sure you pop them from the os.environ dict once you read them to avoid accidental exposure.

I've always accepted this was an attack vector, and some malicious library could extract env vars.

This actually makes a lot of sense, thanks!
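An added example, not written by either commenter: a Python sketch of the pop-after-read advice from the thread, showing that the value is gone for both in-process code and child processes once it has been popped. The names `DEMO_API_TOKEN`, `take_secret` and `child_sees` are hypothetical, and the value is a constructed sample standing in for one set by a systemd or supervisor unit.

```python
import os
import subprocess
import sys


def take_secret(name):
    """Return the value of env var `name` and remove it from os.environ.

    os.environ.pop() also unsets the variable at the C level, so code that
    later reads os.environ, and any child started afterwards, will not see it.
    """
    return os.environ.pop(name, None)


def child_sees(name):
    """Spawn a fresh interpreter and report whether it inherited `name`."""
    code = "import os, sys; sys.stdout.write(str(%r in os.environ))" % name
    out = subprocess.run([sys.executable, "-c", code],
                         capture_output=True, text=True, check=True)
    return out.stdout.strip() == "True"


def demo():
    name = "DEMO_API_TOKEN"                        # hypothetical variable name
    os.environ[name] = "constructed-sample-value"  # constructed; stands in for the unit file
    inherited_before = child_sees(name)            # child inherits it before the pop
    secret = take_secret(name)                     # read once, keep only in a local
    still_in_process = name in os.environ          # what an imported library would see
    inherited_after = child_sees(name)             # child started after the pop
    return inherited_before, secret, still_in_process, inherited_after


if __name__ == "__main__":
    print(demo())
```

On Linux, `/proc/<pid>/environ` still shows the environment the process was started with, and the unit file itself still holds the value, so popping only limits exposure to in-process code and to children spawned afterwards.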



