Obfuscating sensitive information in EXPORT commands

Shell Programming and Scripting
1

Hi.

Been a while since I posted last time, and I hope you all are doing well.
I'm automating a Data Integration process end to end using Shell programming over Linux 2.6x platform, and I'm accessible to Korn and Bash shells with provision to use Perl 5.1 also.
What we do as a common practice to make all global values available to all the scripts is to enlist all EXPORT commands for these in a single flat file(name of the file is global_variable.cfg) and invoke this file at the start of each script.

The structure of this file looks something like below:

export PATH=/usr/bin;/apps/scripts/DEV/
export INST_DEV=gtr_dev
export PWD_DEV=happy123
........

Since this flat file is accessible to all users configured to the system, how can I obfuscate only the sensitive details like database passwords of this file from any unintended user may not be able to track them even if he accesses the file? Also, how can I hide/obfuscate the database passwords from the sql prompts whilst the SQL queries are getting executed?

Any help is highly appreciated.
Please revert for further clarifications.

Thanks.

2

For sqlplus

sqlplus /nolog
conn user/password
@my.sql

Password will not be shown on ps output.

As for other problems, one should not keep passwords in plain text files, rather user oracle wallet or similar tool.

Regards
Peasant.

3

Thanks for the quick response.
But the configuration file(which has all EXPORT commands) not only has DB passwords, but also passwords which are required to perform file SCP's.

For DB's, passwords can be saved in Oracle wallet, but what about the other passwords?

Please help.

Thanks.

4

Why dont you use ssh keys to connect passwordless then since you are using scp...

5

How does that even work? scp doesn't take plantext passwords, you'd have to install an insecure brute-forcing tool to do that.