rragu

A couple of questions re: keyfiles/passphrases


My standard disclaimer: I only know enough to break things that I don't know how to fix...

 

Question 1:

I've written my go file such that at boot, I get my array passphrase via AWS Secrets Manager and write it to /root/keyfile. unRAID then uses /root/keyfile to unlock/startup my array. I've been manually deleting my keyfile after startup.

 

Can I just add the following to the go file to automatically delete the keyfile 5 minutes after startup:

sleep 300s
shred /root/keyfile

Or should I just write a user script with the above commands via the User Scripts plugin to be executed after Array start?

 

Question 2:

From what I've managed to glean from the forums, in unRAID 6.8+, passphrases seem to be more secure than keyfiles as passphrases are not written to a visible-to-user file (even ones that only exist in RAM). The aws-cli command I use for the procedure above retrieves a string, not a file. So, is it possible to use the output of this command as the passphrase rather than writing it to a file first?

 

Thanks!

Edited by rragu
changed rm to shred
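
Added example (not part of the original post and not unRAID's own code): a shell version of the cleanup asked about in Question 1, writing the keyfile with root-only permissions and removing it in the background after the delay. The function names `write_keyfile` and `schedule_keyfile_removal` are hypothetical, and it is an assumption that the array has finished unlocking within the delay.

```shell
#!/bin/bash
# Added example; function names are hypothetical, path and delay come from the post.

# Store the secret arriving on stdin in a keyfile only root can read.
# stdin keeps the passphrase out of the process argument list, and $(cat)
# drops any trailing newline from the command's output (cryptsetup treats
# every byte of a keyfile, newline included, as key material).
write_keyfile() {
    local path="$1"
    (
        umask 077                 # new file is created as 0600
        rm -f -- "$path"          # an existing file would keep its old mode
        printf '%s' "$(cat)" > "$path"
    )
}

# Overwrite and unlink the keyfile after a delay. The work runs in a
# background subshell so the boot script is not held up while it waits.
schedule_keyfile_removal() {
    local path="$1" delay="${2:-300}"
    (
        sleep "$delay"
        [ -e "$path" ] || exit 0  # already removed by hand: nothing to do
        if command -v shred >/dev/null 2>&1; then
            shred -u -- "$path"   # without -u, shred overwrites but leaves the file
        else
            rm -f -- "$path"
        fi
    ) >/dev/null 2>&1 &
}

# Intended use in the go file (the aws-cli command is the poster's own):
#   <aws-cli command> | write_keyfile /root/keyfile
#   schedule_keyfile_removal /root/keyfile 300
```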
