Password Security
Specifying a Password Argument
When you supply a password as a command line argument, that argument is visible to casual observers. For example, command line arguments appear in the output of the UNIX ps command.
-p password or --password password
Optional. Required for communication with a secure FTL server.
The repository authenticates itself to the FTL server using this password. The password can be supplied using one of the following forms:
stdin
env:environment_var_name
file:password_file_path
pass:password
Form
You can supply password arguments in any of the following four forms. Choose exactly one form.
stdin
After you enter the password, it is no longer visible to anyone, and no password-related information is available from the process command line, either in the window where the Schema Repository was started or from a shell command such as ps or similar commands.
You could use an encrypted password management application to supply the password to stdin. In this scenario, the password is not visible during any task step.
file:file_path
You must create a text file that contains only the password itself, store that file on a file system accessible to the Schema Repository process, and secure that file so that unauthorized users cannot view its contents.
env:environment_var
You must set an environment variable in the environment accessible to the Schema Repository process. The value of that variable is the password string. You must ensure that only authorized personnel have access to the shell where the environment variable is set.
pass:password
Warning: With the pass form, the password remains in the process command line, which is visible to any system user using the command to display running process information. Do not use this form for production deployments.
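For the file: form described above, one way to create the password file and audit it before passing its path. This is an added example, not part of the product documentation; the function names write_password_file and check_password_file are hypothetical helpers, not Schema Repository commands.

```shell
#!/bin/sh
# Added example: helpers for the file: password form.
# write_password_file and check_password_file are hypothetical names,
# not commands shipped with the Schema Repository.

# Read the password from stdin and store it in an owner-only file.
write_password_file() {
    pw_file=$1
    (
        umask 077                    # a new file is created as 0600
        : > "$pw_file" || exit 1
        chmod 600 "$pw_file"         # tighten a pre-existing file as well
        cat > "$pw_file"
    )
}

# Return 0 only if the file is safe to reference as file:<path>.
check_password_file() {
    pw_file=$1
    if [ -L "$pw_file" ] || [ ! -f "$pw_file" ]; then
        echo "not a regular file: $pw_file" >&2
        return 2
    fi
    # GNU stat first, BSD stat as fallback: octal mode and owner uid.
    meta=$(stat -c '%a %u' "$pw_file" 2>/dev/null || stat -f '%Lp %u' "$pw_file")
    mode=${meta% *}
    owner=${meta#* }
    if [ "$owner" != "$(id -u)" ]; then
        echo "owned by uid $owner, not the current user" >&2
        return 3
    fi
    case $mode in
        *[1-7]?|*[1-7])              # any group or other permission bit set
            echo "mode $mode exposes the file to other users" >&2
            return 4 ;;
    esac
    # Reject empty files and files with more than one newline:
    # the file should hold the password and nothing else.
    lines=$(wc -l < "$pw_file")
    if [ ! -s "$pw_file" ] || [ "$((lines))" -gt 1 ]; then
        echo "expected only the password in $pw_file" >&2
        return 5
    fi
    return 0
}
```

Feeding write_password_file from a password manager's output keeps the secret out of both the command line and the shell history.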