How can I encrypt or hide passwords in a Perl script?

Ville M · Mar 3, 2009 · Viewed 20.5k times

I am working on a Perl script that uses Expect to log in via telnet to remote machines (don't ask, gotta use telnet). I also do Perforce p4 login operations as necessary and use Expect to pipe in the correct passwords. For now I just read passwords from a clear-text environment variable, i.e. export PASSWORD=password, which I know is no good security-wise.

What's the best way to store passwords for scripts like these that need a lot of passwords for multiple systems? Encrypted in a text file somehow? Or something else?

Keep in mind I can't easily change the existing systems, like for example I can't really install SSH or anything like that.

Answer

Kevin Lacquement · Mar 3, 2009

Probably your best way is to put the passwords in a separate file, and lock the security for that file down so only you have read access. Unfortunately, if you store an encrypted password in your script, you'll also have to store the decryption method, so an attacker can run the decryption and recover your password.
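
One way to load passwords from the separate, owner-only file described in the answer above, shown as an added example that is not part of the original answer. The file path, the "system:password" line format and the "p4" key are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);

# Hypothetical location and format: one "system:password" pair per line.
my $secrets_file = "$ENV{HOME}/.script_secrets";

sub load_passwords {
    my ($path) = @_;

    # Open first, then stat the handle, so the checks apply to the file
    # that is actually read (avoids a check-then-open race).
    open(my $fh, '<', $path) or die "Cannot open $path: $!\n";
    my @st = stat($fh) or die "Cannot stat $path: $!\n";
    my ($mode, $uid) = @st[2, 4];

    die "$path is not a regular file\n" unless S_ISREG($mode);
    die "$path is not owned by the current user\n" unless $uid == $>;
    # Refuse any group/other permission bits (expects chmod 600 or 400).
    die sprintf("%s has mode %04o; run chmod 600\n", $path, S_IMODE($mode))
        if S_IMODE($mode) & 0077;

    my %pw;
    while (my $line = <$fh>) {
        chomp $line;
        next if $line =~ /^\s*(#|$)/;    # skip comments and blank lines
        # Split on the first colon only, so passwords may contain colons.
        my ($system, $secret) = split /:/, $line, 2;
        die "Malformed line $. in $path\n" unless defined $secret;
        $pw{$system} = $secret;
    }
    close $fh;
    return \%pw;
}

my $passwords = load_passwords($secrets_file);
# Example lookup; "p4" is a made-up key for the Perforce password.
my $p4_password = $passwords->{p4}
    // die "No entry for p4 in $secrets_file\n";
# Hand $p4_password to Expect's send(); never print or log it.
```

The script refuses to run if the file is readable by group or others, so a permission change on the secrets file is caught before any password is used.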