set commands values can be read by all accounts.
Thus, set commands should never contain passwords.
1 Like
This is definitely not the case. The set command only sets environment variables for the current process (and its children). You might be thinking of setx which sets a permanent environment variable that would apply to the current process and any new processes, but only in the context of the current user (without additional parameters to specify a system-wide environment variable).
You can verify it by doing the following.
- Open
cmd.exeand runset blah=secretfollowed byecho %blah% - Open a new
cmd.exewithout closing the first one and run anotherecho %blah% - Go back to the first instance and run
powershell.exefollowed bygi env:blah
The first instance and its powershell child will show the value of blah. But the second instance won't.
5 Likes
OK, I stand corrected.
Now the trick is issuing that set command within the same call to certbot.
1 Like
Note that you want the same Envorinment settings when the automated renewal task kicks in! In the end, I'd feel much safer with a) adjusting the company policy to allow that one server in question to access that one url in question without credentials compared to b) hard-coding the renewal task to somehow issue proxy credentials that never expire
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.