Hi all,
In my project I need to transfer secret data from a ThinStation to a session to which the station is connected. What is the best way to achieve that? Some specifics about our setup.
- We have several TL agents behind a load balancer.
- ThinStations are publicly accessible and each can be used by many people.
Following are some ideas I’ve explored so far.
-
ChatGPT suggested to use the option “-e var=value” for tlclient to set environment variables inside the session. However, in the current version “-e” is used to set encoding instead.
-
I tried the “-s” switch to tell tlclient to run a command that would set variables, but the connection is closed immediately once the command finishes.
-
Saving the token inside a local folder that is exported to the session. From my experience this solution is not very stable, so that the token may not be accessible when needed.
-
Saving the token in a local file that is fetched from the session with ssh/scp. In order to make it secure, the connection can be opened by a daemon process running as root. The session then sends a request to the process that can be authenticated.
The last approach seems plausible, but I’m wondering if there’s a simpler one.
Thanks in advance for any help!