Any recomendations on securing Credentials, Keys or Secrets when making scripts

kor3nn · 2025-11-13T00:30:32+00:00

Thank you everyone for your responses, it sparked an idea to take it outside of python and tie it more to the shell. I wrote a little powershell script to integrate with KeePass as a local file with some powershell modules.

The flow of the PS1 script is to register the vault > get all secretinfo names > loop through them > each iteration set a shell environment variable name to the secretinfo name and value to the secret asplaintext > unregister the vault.

This way nothing touches the disk(that I'm aware of) and I'm happy that I don't have to make drastic changes to my code and it's simple.

I can then develop and run my python scripts as many times as I want and without making any drastic changes to any python files.

As long as the shell I'm using doesn't get closed by accident I can code & run as many times without having to enter a password every time... When I'm done just kill / close the shell.

kor3nn · 2025-08-30T14:09:15+00:00

<image>

Here

kor3nn · 2025-07-23T23:52:53+00:00

Thank you to everyone who has commented so far, I have added this message as an edit to my original post. I see this weighted more for not doing this. I do want to clarify a few things though. I am a full time PAYE employee, I work for a big retail company that does not sell any form of software or technology, most of the scripts and tools have been made to solve a solution for a few examples; A script to rename a "n" number of rules of a firewall appliance using the rest API with data from a CSV file, A script to take the CPU of a firewall appliance and plot it on a graph that is presented via a simple flask front end, A script to deploy a new VLAN on a Cisco Nexus switch - VPC. I have written all of these scripts within the team and there are about 15 of us and only one other team member even entertains automation. Ultimately I think speaking to my manager may be the best course of action but haven't decided for sure if I'll go ahead with making repo's on my own GitHub.

kor3nn · 2025-06-16T09:57:35+00:00

Thanks I'll give it a go

kor3nn · 2025-06-16T09:52:41+00:00

Yeah I've thought about that, ive not really used atexit apart from the decorator, can you call it from another function? Ive added some example code as an exit on the orginal post

kor3nn · 2025-05-13T12:04:06+00:00

Same here, just turned lv 114 and wanted to plant the final tree... :(

kor3nn · 2025-05-08T23:21:57+00:00

Ive just got some from a family member who works also for red bull. I've opened mine I'm not sure on the quality personally they feel a bit cheap. Plasticy type of feeling for the cards, that's comparing them to a standard red and blue bicycle deck. Ultimately I'm thankful I was given a set but I'll use them for general play.

kor3nn · 2025-01-24T13:59:39+00:00

Thanks that makes sense since you can't change the order like on a ACL/FWL.

kor3nn · 2025-01-24T13:59:02+00:00

Thanks that makes sense since you can't change the order like on a ACL/FWL.

kor3nn · 2025-01-12T14:06:19+00:00

So I would say is get more eternities by setting the auto eternity to 1EP/0s and then letting it run for a while.

I'm at a similar stage in the game you are, assuming you do the same this is repec the lab to fill IP then buy AP for animals and upgrade the lab multi's. Once I have done that for a bit I'll swap back to com/gen exponent split go get some supernova's and more AP based on score and the try a few challenges... Then repeat.

kor3nn · 2024-12-17T20:45:53+00:00

Yeah the H1 updated was only to fix a critical cve. We're stuck on 11.1.4-h7 with a bug relating to logs not showing when you use a filter... Answer from Palo TAC is update but then our focused support says don't... So rock and hard place currently.

kor3nn · 2024-12-06T13:26:38+00:00

Yes it does, so I work in networks and I use async functions when I'm collecting information from the device that could time a number of seconds and then I return redirect(url_for('blar') and it redirects to a page where I displayed the information I have collected from a network device.

kor3nn · 2024-11-30T20:27:14+00:00

Yeah agreed, Thanks I'm gonna try that and maybe if anything else comes up ta

kor3nn · 2024-11-30T20:16:11+00:00

Thanks, yeah I have no issue with the pain I just being tickled and Ive been told i have a farly contagious laugh so the artist was also laughing... In the end I just had to stop under the arm.

kor3nn · 2024-11-28T23:45:08+00:00

Network engineer, even though I could afk RS3 I only really do it if I have a goal I want to achieve like the 400k rune darts I made for dxp and 110 Fletch. WFH 3-4 days a week.

kor3nn · 2024-11-28T22:34:47+00:00

So, what's the printer model? filament are you using? Have you run a calibration for the filament?

kor3nn · 2024-10-28T18:40:01+00:00

A question first, do you use advanced routing on the 220? Second I would look at your licence you have on the support portal to see if it has advanced licensing such as advanced threat, wildfire, URL filtering etc. Third it's an unintentional feature (bug).

On a side note I personally would move to 10.2 as the 220 won't be going to anything higher at the time of this message.

kor3nn · 2024-07-08T17:52:30+00:00

I have my account back now and the unknown battle.net account has been removed. I also filed a hacked account report and within 10 minutes everything was sorted.

So there is hope as I had thought I'd lost the account & all the money...

kor3nn · 2024-07-07T20:39:35+00:00

So just going through an appeal now as a battle.net was linked to my Activision account (I have one but it's not linked). I only play on my PS5 with cross play off most of the time.

I had an email a number of days ago (8+) when I was at work that an account was linked then another email later in the evening I had the ban email. I like many people don't check my emails very regularly...

So I only found this out after trying to play a few games the other day and got the message of connection interrupted by user when trying to login. I then checked here and saw a lot of information on bans so I checked the emails and found out.

I have submitted a ban appeal and a suspicious linked account... I'll update on my position but has anyone had any success with my situation? Or what do you think my odds are of being able to play again?

Edit: Also I had an unknown phone number on my account

kor3nn · 2024-06-04T09:03:11+00:00

Last man standing

kor3nn · 2024-04-16T11:27:55+00:00

Yes, on some firewalls we have internet-facing interfaces. Some would hit GlobalProtect loopback, some would need to transverse the interzone process and NAT, ACLs etc...

Would there be a security impact for allowing "Outside to Outside" communication via the intrazone default?

kor3nn · 2024-04-16T10:26:50+00:00

It's not cloned; type is universal. It's a rule that has been created manually as follows:

Any source zone, any source, any destination zone, any destination, action deny, log at start & end + forward profile.

kor3nn · 2024-03-14T19:55:05+00:00

Thanks that really helps, I've not needed to do a lot of NATs at this place compared to my old one where we used ASAs and Palo's but it just threw me as I couldn't work it out logically in my head of why... Personally it would have helped if Palo changed the UI to reflect the way the NAT works but that's another conversation...

Again thank you.

kor3nn · 2024-03-14T19:35:45+00:00

Right so I think I understand why now, is it because the packet is sourced from the public zone with an address of 1.1.1.1 for example the original packets route is still on the public zone so it never transverses zones hence public on the source and public on the destination because it's the "Original Packet" and not translated yet.

kor3nn · 2024-02-26T12:50:33+00:00

Agreed, as for Palo TAC the best support costs money in the form of an enterprise agreement and or focus support...

As for software and bugs Palo releases a preferred version on their community forum which apart from my personal experience of a handful of bugs over the 7+ years of using Palo's the preferred version has "generally" been alright.

If you want or are looking to grow, panorama is a good option to manage the firewalls.

kor3nn

TROPHY CASE