Answer the question
In order to leave comments, you need to log in
T
T
Taurus2021-08-07 08:55:16
Taurus, 2021-08-07 08:55:16
How to securely store the authentication key?
There is a small php application that connects to an external service using Bearer Authentication
and receives data.
Send headers
...
'headers' => [
'Content-Type' => 'application/json',
'Authorization' => 'Bearer ' . $key,
],
...The application receives the $key via the web form (method post).
There is a task to automate the process of obtaining data, and run the application via cron, for example.
You cannot store $key in clear text.
It is necessary to make sure that $key cannot be decrypted under any circumstances, even if the server is hacked, all sources are obtained and the database dump is dumped, etc.
Is there any way to safely store $key permanently on the server?
2 answer(s)
@SagePtr
@2ord
S
SagePtr, 2021-08-07 @SagePtr
Even from the point of view of common sense, this is impossible. Even if you cunningly encrypt your key, the script will eventually have it in the clear, no one will prevent an attacker from intercepting it at this last moment when it is decrypted.
R
Roman Mirilaczvili, 2021-08-07 @2ord
securely store the keyCan be stored in store in Hashicorp Vault, API access.
Similar questions
B
S
B
J
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question