I'm trying to insert sensible data into a file. I'm trying to write a MySQL configuration file dynamically. The file contains this:
[client]
password: 87sfZEKEF,5
The script that I used is owned by root, and therefore "nobody" can see its content. I'm trying to find the most secure command, or way, to pass the content of the file to the actual file. The actual file has an unguessable name, and is secured with chmod 600 just after it's written.
The possible problems that I see is:
If I use echo:
echo -e "[client]\npassword: 87sfZEKEF,5" > /tmp/unguessable/path/to/dynamic/mycnf
Then the ps command would probably be able to catch the password, is that right ?
What about using heredoc syntax?
cat << EOF > /tmp/unguessable/path/to/dynamic/mycnf
[client]
password: 87sfZEKEF,5
EOF
Is this more secure? Are there more secure ways?
Is there a "totally" secured way (or, what's the most secure and reasonable way) to write such a file?