I'm making a vala application that stores user access credentials in a Gnome Keyring. If no keyring exists for the application, I'd like to create one; however, I would like to create a new keyring. Unfortunately, I don't know how to securely generate a password for the new keyring nor store it someplace so my application can use it later. As it is an open source project, I don't think I should hardcode it into my program and storing it in a hidden conf file would defeat the purpose of using the keyring.
How can I securely generate it and then store it?
Related
I would like to share my NodeRed Code in Github as part of an IOT project, however I would like to keep some of my data private (wifi password, database password, etc).
I could manually erase this information, but this would not be very practical, since I would have to do it every time I update the file.
In my python scripts I use os.environ.get to save my passwords and upload to GitHub securely.
¿Is there some way to set up Node-Red to easily push to GitHub without revealing sensitive information?
Node properties can be pulled from environment variables using the ${} syntax. This is implemented by the runtime so should work in all nodes. If the node uses the typed input widget then they should also support environment variables directly.
Details are in the documentation here: https://nodered.org/docs/user-guide/environment-variables
Secondly any node options that are explicitly tagged as credentials are stored in a separate encrypted file _creds.json. By default this is encrypted in a randomly generated key on first run and stored in a hidden file in the userDir, but you can set your own key in the settings.js file.
If you use the Projects feature to store your flows in a git repository then you will be prompted for the encryption key needed as part of setting up the project or when you check it out. Documentation for projects is here:
https://nodered.org/docs/user-guide/projects/
All this while I have been using username and password while pushing my changes to github. But from Aug 13 2021, github will no longer accept password based authentication and hence I have to use Personal Access Tokens. I have couple of questions regarding this:
Do I need to make any changes to my previous repos which were pushed using password?
What are the next steps that I need to do after creating PAT, if there are any? should I just use it the next time I am pushing a repo or is there more to it?
Thanks!
The change to personal access tokens doesn't affect data that's already pushed. It only affects new attempts to push, so all of your old code should be fine.
Because a personal access token is pseudorandomly generated and hard to remember, if you haven't already, you should set up a credential manager. On Linux, that's usually the libsecret credential helper. If your distro has it packaged, install it, and then the next time you're prompted for your username and password, enter your username and PAT instead. Then it will be saved for the future.
On Debian and Ubuntu, the libsecret credential helper isn't packaged, and you'll need to copy the contents of /usr/share/doc/git/contrib/credential/libsecret into a temporary directory, install the libsecret-1-dev and build-essential packages, and then run make in that directory. Then copy the git-credential-libsecret binary into someplace in PATH, such as ~/bin (if you have such configured).
Note that if you're working on a Linux system without a desktop environment, then the libsecret credential helper won't work, and you may wish to use an SSH key and SSH remotes instead.
I am building an application and I also have the keystore for it. But, now I have to change my laptop and run the application on the new laptop so can I use the same keystore?
Yes. You can use the same keystore.
If your application code is the same and the location it reads the keystore from is the same, you can basically replicate your application on your new workstation exactly like your old workstation.
I wish to encrypt the contents of my program when the program is visited in Windows Explorer but I find that none of the files are encrypted once the program is installed. I have set encryption to yes and set a password but none of the files in any of the folders are encrypted. Besides setting encryption and setting a password, I'm not sure what else one can do to ensure encryption. Is there anything I'm missing?
Indeed, the Inno Setup encryption encrypts only the installer. The installed files are decrypted during installation. That's by design. How would your application be able to use them, if they were encrypted using a password the application is not aware of?
If you want to have the installed files encrypted, you have to encrypt them yourself before compiling the installer. And your application must prompt user for a password to be able to decrypt them.
You can also of course hard-code the password to your application. But that's not safe enough. There's generally no way to safely encrypt data in a way that allows automatic decryption.
It might be dumb to ask, but I really have a problem with my master password. I need to generate the apk file, but I totally forgot my master password. The question is can I reset my master password, and if i did, is there any effect with my keystore? Can I use the old one?
It has nothing to do with KeyStore, think of it like if you using the same KeyStore in your office and home and you reset the master password at home, how it will affect the KeyStore in office?
Well this was a simple example :) Master password is an extra layer of security so not anyone with access to your PC can generate build APKs if you have checked to save the KeyStore password.
Hope this helps