I'm using Nolio for deployment where it runs shell scripts that executes several sql scripts.
My question is what will be the best way to store the db passwords for running each script giving that the developer can't know the passwords and they have to be masked or encrypted somehow.
Thanks
Well, what version of CA Release Automation are you using?
Regardless, Nolio/CARA has supported password fields within the process for quite a long time.
Unfortunately, once you call the shell script to execute the DB scripts, you are going to need to either pass the actual password in cleartext, or mask it somehow, which means it could potentially be visible to someone who has access to the physical system.
Honestly, i would use one of the CARA Actions to call the DB scripts directly, instead of through external shell scripts. That way, your passwords will remain encrypted within the CARA database, and masked from all log files and action files, and your system will be secure.