Password Security

Password Argument

When you supply a password as a command line argument, that argument is visible to casual observers. For example, command line arguments appear in the output of the UNIX ps command.

You can supply password arguments in any of the following four forms. Each form results in a different level of security for the password, along with associated precautions you must take. Choose exactly one form.
Form Description
stdin This form can provide maximum security: after entering the password, it is no longer visible to anyone.
You can pipe the password to the realm server executable through stdin. For example, in UNIX environments, you could use this command line:
echo my_password | tibschemad ... --password stdin

You could use an encrypted password management application to supply the password to stdin. In this scenario, the password is not visible during any task step.

file:file_path This form can provide excellent security: only the file path is visible to observers.

You must create a text file that contains only the password itself, store that file on the file system of the realm server's host computer, and ensure the security of that file.

env:environment_var This form can provide excellent security.

You must set an environment variable in the shell where you run the realm server. The value of that variable is the password string. You must ensure that only authorized personnel have access to that shell.

pass:password
Warning: With this form the password remains in the process command line, which is visible to casual observers. Do not use this form except during development and early testing phases.