Please, add this ability to Set. I want to backup my settings via duplicati-client by Pectojin. So I don’t want to save this setting in my after backup script and want to get via Set Environment.
Not sure this will accomplish much. If I understand you correctly, you’d rather use
%envvar% in your script instead of
secretpassword. But in the environment,
%envvar% will be set to
secretpassword. So you are just moving the secret information from a file to the environment, which isn’t a secure location either.
One method I’ve used to accomplish your goal is with PowerShell. Secure Strings can store an encrypted password in the script that is only decodable on that same machine and with that same user context. So if someone gets your script they won’t be able to decode the password (unless they also compromise the user account on that machine).
Thank you for the answer. %envvar% is absolutely secure because they set only for afterbackup script.
But I like your solution. It can be the answer.
I never understood the whole step-by-step plan, and what is being run when and how, but I’d note that
Sysinternals Process Explorer has a tab that shows all the environment variables of a running process. You can also see invocation arguments, so passing things in secret is tough… I think permissions help.
Yes, you’re right, but I use UAC, so another process can’t get access to env. variables without raising app rights. So, I think it’s safe solution.