thevahidal / soul

🕉 A SQLite REST and realtime server
https://thevahidal.github.io/soul/
MIT License
1.45k stars 49 forks

Default Values in CLI Schema Prevent Extraction of Config Variables from `.env` File in CLI Mode #184

Closed AbegaM closed 2 months ago

AbegaM commented 2 months ago

Describe the bug

We have encountered an issue regarding environment variables in the Soul application. Currently, there are four environment variables that are sourced both from the command-line interface (CLI) when running Soul in production mode and from the environment variables when running Soul in development mode. Additionally, we are providing default values for certain configuration fields such as auth, tokenSecret, accessTokenExpirationTime, and refreshTokenExpirationTime in the code.

Screen Shot 2024-05-08 at 10 09 40 AM

The initial motivation for passing these default values was to prevent the code from crashing when certain fields have undefined values.

However, there is a concern when the administrator runs Soul in production mode. They might prefer not to directly pass certain keys, like tokenSecret, through the CLI command (e.g., soul -d foobar.db -ts TOKEN_SECRET). This is because the script may be invoked from the code, potentially exposing the token secret value.

The vulnerability is that another user on the server can view live processes (`ps -a` on Linux), and so view the token:

ps-a

In such cases, the administrator may wish to pass some values through the CLI command while keeping other critical values secure by retrieving them from the .env file.

Currently, we are unable to fetch these critical values from the .env file due to the default values assigned to tokenSecret.

Possible Solution

A potential solution for this issue is to remove the default values from the cli.j file (CLI schema) and instead pass these values in the config.js file. By doing so, the code can first check the values from the argv (CLI) and then from the environment. If both of these sources yield undefined values, the code can fall back to using the default third value.

Screen Shot 2024-05-08 at 10 15 46 AM
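The precedence problem and the proposed fix, as an added example that is not Soul's own code: a schema default means the parsed `argv` object always carries `tokenSecret`, so a later "argv, then environment, then default" check can never reach the `.env` value. Removing the default from the schema and resolving the fallback in one place restores the intended order. The parser below is a minimal stand-in for a yargs-style parser, and the flag aliases, environment variable names (`TOKEN_SECRET` and friends) and default values are assumptions made for this example, not Soul's documented settings.

```javascript
// Added example (not Soul's code): config resolution with argv -> env -> default precedence.
// Env variable names, aliases and fallback values below are constructed for illustration.

// "Before": the CLI schema bakes a default into the flag definition.
const SCHEMA_WITH_DEFAULT = {
  database: { alias: 'd' },
  tokenSecret: { alias: 'ts', default: 'PLACEHOLDER_DEFAULT_SECRET' }, // shadows the env value
};

// "After": the schema only declares the flag; the fallback lives in CONFIG_FIELDS.
const SCHEMA_WITHOUT_DEFAULT = {
  database: { alias: 'd' },
  tokenSecret: { alias: 'ts' },
};

// Where each config key may come from, and the last-resort fallback (constructed values).
const CONFIG_FIELDS = {
  auth: { env: 'AUTH', fallback: 'false' },
  tokenSecret: { env: 'TOKEN_SECRET', fallback: 'PLACEHOLDER_DEFAULT_SECRET' },
  accessTokenExpirationTime: { env: 'ACCESS_TOKEN_EXPIRATION_TIME', fallback: '5H' },
  refreshTokenExpirationTime: { env: 'REFRESH_TOKEN_EXPIRATION_TIME', fallback: '1D' },
};

// Minimal stand-in for a yargs-style parser: starts from the schema's defaults (if any),
// then overlays "-flag value" / "--flag value" pairs, translating aliases to full keys.
function parseArgv(rawArgs, schema) {
  const out = {};
  const aliases = {};
  for (const [key, spec] of Object.entries(schema)) {
    if (spec.default !== undefined) out[key] = spec.default;
    if (spec.alias) aliases[spec.alias] = key;
  }
  for (let i = 0; i + 1 < rawArgs.length; i++) {
    const m = /^--?([A-Za-z][\w-]*)$/.exec(rawArgs[i]);
    if (!m) continue;
    const key = aliases[m[1]] ?? m[1];
    out[key] = rawArgs[++i];
  }
  return out;
}

// Resolve every config field in the order argv -> environment -> fallback,
// and record which source won so the precedence can be audited.
function resolveConfig(argv, env, fields = CONFIG_FIELDS) {
  const config = {};
  const sources = {};
  for (const [key, spec] of Object.entries(fields)) {
    if (argv[key] !== undefined) {
      config[key] = argv[key];
      sources[key] = 'argv';
    } else if (env[spec.env] !== undefined && env[spec.env] !== '') {
      config[key] = env[spec.env];
      sources[key] = 'env';
    } else {
      config[key] = spec.fallback;
      sources[key] = 'default';
    }
  }
  return { config, sources };
}

// Constructed scenario: the admin passes only the database on the command line
// and keeps the secret in .env (simulated here as a plain object).
const CLI_ARGS = ['-d', 'foobar.db'];
const DOTENV = { TOKEN_SECRET: 'from-dotenv' };

function demoBrokenSchema() {
  // The default fills argv.tokenSecret, so the .env value is never consulted.
  return resolveConfig(parseArgv(CLI_ARGS, SCHEMA_WITH_DEFAULT), DOTENV);
}

function demoFixedSchema() {
  // No schema default: argv.tokenSecret is undefined and the env value wins.
  return resolveConfig(parseArgv(CLI_ARGS, SCHEMA_WITHOUT_DEFAULT), DOTENV);
}

console.log('broken:', demoBrokenSchema().sources.tokenSecret); // argv
console.log('fixed: ', demoFixedSchema().sources.tokenSecret); // env
```

Recording the winning source per key is a cheap way to confirm, in a startup log or a test, that a secret came from the environment rather than from a process argument visible to other users on the host.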