How Deal With Critical/Secure Info For Program Execution

I am creating an app where I am storing some crucial variables in .env file, but when launching the executable the .env file is easy to access by the user and can be modified or erased. So, how could I “hide” the variables? Is there some similar to .config file that I can create in Go do make this variables safer? Thank you.

That perfectly makes sense; any process with write permissions to those config files can tamper with them.
You could:

  • Create a different user for your app and run your app through that user.
  • Encrypt the config file beforehand.
  • Change the file access permissions for the config files.

I’d be able to further assist you if you tell me how the app’s architectured, which platform it runs on and whether you utilise a containerisation technology.

1 Like

The app is for windows initially, it requests to the user a username and a password then I save them locally on user’s machine inside a normal folder (with the name of the app) in a .env file. The USER and the PASSWORD inside .env are encrypted, but to increase the security I would like to even hide that file from user’s/hackers eyes. I am also aiming a stand alone app with no need for the user download any dependencies. Now when the user runs the .exe for the first time a folder is generated and the .env file write with the credentials encrypted.

This has nothing to do with Go. You can hide files on Windows with ATTRIB +H. This does not hide files from hackers or even from any but the most unsophisticated user. Unix-like file systems “hide” files with names that begin with a period.

You can use the Data Protection API on Windows.
It basically lets you store secrets like symmetric encryption keys and passwords in an OS-level protected vault.

1 Like