Purity Monitors - Experts Only - Passwords¶
This is how passwords are stored for several applications, such as the ELog plots for the purity monitors and the Java OPC client for the MicroBooNE cyrogenics system.
Getting the Software¶
aescrypt is used for encrypting usernames and passwords. This is a lot better than simply using a text file. To grab and install aescrpyt:
wget https://www.aescrypt.com/download/v3/linux/aescrypt-3.10.tgz tar xzf aescrypt-3.10.tgz cd aescrypt-3.10/src make cp aescrypt ~/bin/ cp aescrypt_keygen ~/bin/
That will install everything.
The File with the Login Information¶
Put a file called .pass.txt in your home directory with the login information you need. Here's an example for the ECL:
ECL username password
Encrypting a Username and Password¶
This assumes you have a .pass.txt file. Come up with a password for your passwords, here randomString. This is a cool site to help with password creation. I strongly encourage you to not include punctuation as it can screw-up bash. To encrypt it, do this:
aescrypt -e -p randomString .pass.txt
To Decrypt and Show the .pass.txt File on Screen¶
aescrypt -d -p randomString -o - .pass.txt.aes
Updating a Password or Adding an Entry¶
Say you need to update a password. To do so, decrypt the .pass.txt.aes file the encryption created:
aescrypt -d -p randomString -o - .pass.txt.aes > .pass.txt
Open up the .pass.txt file with you favorite editor and update it. You can then encrypt it again using this:
aescrypt -e -p newRandomString .pass.txt
You should then remove the .pass.txt file!
Using All of This in Practice¶
In the directory of the script you are running that needs the password, put a file called pass.aes containing the randomString from above. It is important that your pass.aes file and/or your .pass.txt.aes file be protected against unauthorized reading. Ideally both should be protected. Otherwise anyone who reads and understands this page can use pass.aes and aesdecrypt to get your password from .pass.txt.aes. The script needing the login information will be able to find it the password it needs. Do not use the decrypted password in any command line argument, as command-line arguments can be easily seen by any user using ps or /proc/.