Avoid exposing passwords in the process list, use a password file.

2024-01-19 21:43:32 +01:00 · 2024-01-19 21:43:32 +01:00 · 57ec856f49
commit 57ec856f49
parent 917b45aadc
7 changed files with 156 additions and 131 deletions
--- a/roles/lmn_vm/files/vm-sync
+++ b/roles/lmn_vm/files/vm-sync
@ -71,7 +71,8 @@ get_file() {

 push_file() {
   cd "${VM_SYSDIR}"
-   uploadseed --rpc-server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" --rpc-secret insecure --no-cert "${FILENAME}"
+   uploadseed --server "${SEEDBOX_HOST}:${SEEDBOX_RPC_PORT}" --dht-port "${SEEDBOX_PORT}" \
+	      --pwdfile "${SEEDBOX_PWFILE}" --no-cert "${FILENAME}"
 }

 if [[ "$(id -nu)" != "lmnsynci" ]]; then
@ -106,26 +107,25 @@ case "$command" in
   push_file)
      for FILENAME in "$@"; do
 	 push_file
-      done 
+      done
      ;;
   get_file)
      for FILENAME in "$@"; do
 	 get_file
-      done 
+      done
      ;;
   get_image)
      for VM_NAME in "$@"; do
 	 get_torrent
-      done 
+      done
      ;;
   delete_outdated_image)
      for FILENAME in "$@"; do
         delete_outdated_image
-      done 
+      done
      ;;
   *)
      show_help
      exit 1
      ;;
 esac
-