This extremely common question always has the same inescapable conclusion.
Moderator's Comments:
|
|
If your database/machine/client can decrypt it at will without secrets -- so can anyone else.
|
|
Even if you shc it that doesn't prevent people from, say, copying it to a different machine without your permission, somewhere they can control what shell is used so as to extract the contents.
Yes, but --
Encryption does not work that way.
But what if --
Encryption does not work that way.
Maybe if it --
Encryption does not work that way.
To prevent people from reading your scripts/passwords, chmod.
To prevent people getting access to something which reads the scripts/passwords, sudo.
To prevent root from getting at it... You're out of luck.