I am looking for a safe way to save credentials (like SSH credentials) in the backend of a Webserver (which would be Node.js in my case).
I already thought about hashing, but then you have to enter the password every time and it should work without entering the password again.
SSH
For SSH credentials, I would recommend you Setup Passwordless SSH.
On server you/the application will use to SSH into the target server
Step 1: Generate a key pair
$ ssh-keygen -t rsa # press enter on all promptsThe above command will generate SSH RSA private and public keys under the user’s home directory, /root/.ssh/. The private key, id_rsa has to be kept secure on the node. The public key, id_rsa.pub should be copied over to the target server that want to be accessed passwordlessly.
Step 2: Copy the SSH public key to the target server
$ ssh-copy-id -i ~/.ssh/id_rsa <ip_address_of_the_target_server>The command
ssh-copy-idwill simply copy the public key from the source server and add it into the destination server’s authorized key list, default to~/.ssh/autohorized_keysof the authenticated SSH user. If password authentication is disabled, then a manual copy is required. On application node, copy the content of SSH public key located at ~/.ssh/id_rsa.pub and paste it into ~/.ssh/authorized_keys of the target now.For more info on passwordless SSH check out this article: https://www.strongdm.com/blog/ssh-passwordless-login
Other Credentials
For other credentials, more secure approaches would be to use
Environment Variables: Use a library like
dotenvto load them securely during runtime.Secure Credential Management Services: Dedicated services like AWS Secrets Manager, Azure Key Vault, or Google Cloud Secret Manager.
Session-Based Tokens: Instead of storing raw credentials, utilize temporary session tokens for authentication.
I hope all this helps.