May 12, 20206 yr My standard disclaimer: I only know enough to break things that I don't know how to fix... Question 1: I've written my go file such that at boot, I get my array passphrase via AWS Secrets Manager and write it to /root/keyfile. unRAID then uses /root/keyfile to unlock/startup my array. I've been manually deleting my keyfile after startup. Can I just add the following to the go file to automatically delete the keyfile 5 minutes after startup: sleep 300s shred /root/keyfile Or should I just write a user script with the above commands via the User Scripts plugin to be executed after Array start? Question 2: From what I've managed to glean from the forums, in unRAID 6.8+, passphrases seem to be more secure than keyfiles as passphrases are not written to a visible-to-user file (even ones that only exist in RAM). The aws-cli command I use for the procedure above retrieves a string, not a file. So, is it possible to use the output of this command as the passphrase rather than writing it to a file first? Thanks! Edited May 12, 20206 yr by rragu changed rm to shred
Archived
This topic is now archived and is closed to further replies.