rragu Posted May 12, 2020 Share Posted May 12, 2020 (edited) My standard disclaimer: I only know enough to break things that I don't know how to fix... Question 1: I've written my go file such that at boot, I get my array passphrase via AWS Secrets Manager and write it to /root/keyfile. unRAID then uses /root/keyfile to unlock/startup my array. I've been manually deleting my keyfile after startup. Can I just add the following to the go file to automatically delete the keyfile 5 minutes after startup: sleep 300s shred /root/keyfile Or should I just write a user script with the above commands via the User Scripts plugin to be executed after Array start? Question 2: From what I've managed to glean from the forums, in unRAID 6.8+, passphrases seem to be more secure than keyfiles as passphrases are not written to a visible-to-user file (even ones that only exist in RAM). The aws-cli command I use for the procedure above retrieves a string, not a file. So, is it possible to use the output of this command as the passphrase rather than writing it to a file first? Thanks! Edited May 12, 2020 by rragu changed rm to shred Quote Link to comment
rragu Posted May 24, 2020 Author Share Posted May 24, 2020 Anyone have any ideas? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.