`set` commands values can be read by all accounts. Thus, `set` commands should never contain passwords.
This is definitely not the case. The `set` command only sets environment variables for the current process (and its children). You might be thinking of `setx`, which sets a permanent environment variable that would apply to the current process and any new processes, but only in the context of the current user (without additional parameters to specify a system-wide environment variable).
You can verify it by doing the following.
- Open `cmd.exe` and run `set blah=secret` followed by `echo %blah%`
- Open a new `cmd.exe` without closing the first one and run another `echo %blah%`
- Go back to the first instance and run `powershell.exe` followed by `gi env:blah`
The first instance and its powershell child will show the value of `blah`. But the second instance won't.
OK, I stand corrected.
Now the trick is issuing that `set` command within the same call to `certbot`.
Note that you want the same environment settings when the automated renewal task kicks in! In the end, I'd feel much safer with a) adjusting the company policy to allow that one server in question to access that one URL in question without credentials compared to b) hard-coding the renewal task to somehow issue proxy credentials that never expire.
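The scoping discussed in this thread, as an added example that is not from any of the posters: it repeats the `set blah=secret` check with child processes and then shows the narrower option of giving the value to a single child only. The Python probe child and the function names are assumptions made for illustration; the "sibling" is a child started from a clean environment block, standing in for the second `cmd.exe` window.

```python
import os
import subprocess
import sys

VAR = "blah"  # variable name used in the thread
# Child program: report the variable's value, or a marker if it is not set.
PROBE = [sys.executable, "-c",
         f"import os; print(os.environ.get({VAR!r}, '<unset>'))"]


def probe(env=None):
    """Run the probe as a child process. env=None means 'inherit ours'."""
    done = subprocess.run(PROBE, env=env, capture_output=True, text=True, check=True)
    return done.stdout.strip()


def demo(secret="secret"):
    saved = os.environ.pop(VAR, None)   # start from a known-clean state
    clean = dict(os.environ)            # environment block without the variable
    try:
        # Equivalent of `set blah=secret`: changes this process only,
        # and children started afterwards inherit it.
        os.environ[VAR] = secret
        inherited_child = probe()
        # Stand-in for the second cmd.exe window: a process whose
        # environment block never contained the variable.
        sibling = probe(clean)
        del os.environ[VAR]
        # Narrower hand-off: the value exists only in the block given to
        # one child, never in this process's own environment.
        scoped_child = probe({**clean, VAR: secret})
        parent_after = os.environ.get(VAR, "<unset>")
    finally:
        os.environ.pop(VAR, None)
        if saved is not None:
            os.environ[VAR] = saved
    return {"inherited_child": inherited_child, "sibling": sibling,
            "scoped_child": scoped_child, "parent_after": parent_after}


if __name__ == "__main__":
    for name, seen in demo().items():
        print(f"{name:16} {seen}")
```
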