I am using OpenSSL to encrypt files on my server.
The command I am using is similar to this one:
openssl enc -aes-256-cbc -salt -in file.txt \
    -out file.enc -pass pass:mySillyPassword
My worry is that the password will be saved in the logs of my server.
What is the best way to encrypt my files with OpenSSL without having the password saved on the server logs?
IMPORTANT: I am executing this command via PHP. The command is stored in a shell script file that PHP just executes.
UPDATE
I am generating different keys for each file encrypted.
Use php-openssl instead: http://php.net/manual/en/function.openssl-encrypt.php . Also, using a shell script is very vulnerable. Anyone might see the password from the ps -ax command or similar.
Assuming that ONLY ROOT can see the password, the password (ideally itself encrypted with a second, hardcoded password) should be read from a root:root owned file with 0600 chmod options. The web server, when it starts as root, will have access rights to that file. The server can set that file's content (i.e. the password) as an environment variable for the PHP files, in some global variable. I had tried something like that a long time ago and it worked.
-Trilok.
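Added example (not code from either poster): the question's command with the password moved out of the argument list into an owner-only file, one random password per encrypted file, so nothing secret shows up in ps output or command logs. The function names and file paths are hypothetical, and the cipher options are kept exactly as in the question.

```shell
#!/bin/sh
# Added example: per-file passwords are handed to openssl through a 0600
# file, so they never appear in argv (ps output, history, command logs).

# new_keyfile KEYFILE: create KEYFILE holding a random 256-bit password (hex).
new_keyfile() {
    (
        umask 077   # new file gets mode 0600, readable by the owner only
        set -C      # noclobber: refuse to reuse an existing, looser file
        openssl rand -hex 32 > "$1"
    )
}

# encrypt_file IN OUT KEYFILE: same options as the question's command;
# only the password source changes from pass:... to file:...
encrypt_file() {
    openssl enc -aes-256-cbc -salt -in "$1" -out "$2" -pass "file:$3"
}

# decrypt_file IN OUT KEYFILE: reverse operation with the same key file.
decrypt_file() {
    openssl enc -d -aes-256-cbc -in "$1" -out "$2" -pass "file:$3"
}

# demo: round trip over constructed sample data in a throwaway directory.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'constructed sample plaintext\n' > "$dir/file.txt"
    new_keyfile "$dir/file.key" &&
    encrypt_file "$dir/file.txt" "$dir/file.enc" "$dir/file.key" &&
    decrypt_file "$dir/file.enc" "$dir/file.dec" "$dir/file.key" &&
    cmp -s "$dir/file.txt" "$dir/file.dec"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "round trip ok"
```

A PHP caller then passes only file paths to the script; the key file itself has to be stored and protected separately from the ciphertext.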