Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Worker: remove secret from env #773

Open
josephjclark opened this issue Sep 18, 2024 · 2 comments
Open

Worker: remove secret from env #773

josephjclark opened this issue Sep 18, 2024 · 2 comments
Assignees

Comments

@josephjclark
Copy link
Collaborator

The worker start script, once the server has started, should delete WORKER_SECRET from the env.

This ensures that once the worker instance has the secret in memory, any attacker on the server can no longer access it.

This also means that the server can't be restarted without the container being destroyed (which is probably good)

@github-project-automation github-project-automation bot moved this to New Issues in v2 Sep 18, 2024
@josephjclark josephjclark self-assigned this Sep 18, 2024
@josephjclark
Copy link
Collaborator Author

Obviously you can't just do process.env, you have to properly unset it

@josephjclark
Copy link
Collaborator Author

@taylordowns2000 @stuartc Ok, unfortunately it turns out this won't work.

A child process cannot affect the environment of its parent. So within the node runtime (or even with pnpm) there's no way to clear an environment variable from the system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Status: New Issues
Development

No branches or pull requests

1 participant