Environment variables written using agent.set_env() are stored in NS8 Redis and are readable by everyone. We need to avoid to use agent.set_env() for sensitive variables.
One Proposed solution is to write configuration to a json file, backup it, and write configuration to environment on module configure.
Another solution is to use core functions read_envfile/write_envfile, to store sensitive variables.
Implementing this will probably cause regressions in installation, backup and restore, migration from 7 and move/clone from node to node.
Environment variables written using agent.set_env() are stored in NS8 Redis and are readable by everyone. We need to avoid to use agent.set_env() for sensitive variables.
One Proposed solution is to write configuration to a json file, backup it, and write configuration to environment on module configure. Another solution is to use core functions read_envfile/write_envfile, to store sensitive variables.
Implementing this will probably cause regressions in installation, backup and restore, migration from 7 and move/clone from node to node.
Actions to modify:
create-moduleupdate-moduleimport-moduletransfert-stateclone-modulerestore-module