Hi @rmoore, great question!
- the communication between the device and the resin.io services is secured via standard secure web communication.
- the variable is stored in the file system, so the supervisor can inject it into the user container whenever the container is started, and so that this can happen after reboots and without further access to the internet.
- on the file system they are not encrypted, because if they were, the system would need to be able to decrypt them without network access, so the decryption key would need to be there, completely negating the encryption in the first place.
Thus, to protect the data within your environment variables, you need to have physical security for the device (i.e. making sure that others don’t have access to it, for example to remove and clone the SD card).
We are evaluating other paths as well, for example using secure enclaves, such as TrustZone on ARM devices or TPM for platforms that have that, but it’s a tough nut.
You can also check out this other thread regarding secrets management: