Backend
Andrew, 2020-03-10 16:02:12

Where do you store secret data (environment variables, etc.)?

The question arose after the system crashed and the database password was lost, and the bcrypt and JWT secrets sank into oblivion. It's good that this was all for a test project.

They were stored in a .env file and, of course, were not uploaded to the repository.

I became curious how these things are customarily stored.


1 answer(s)
Saboteur, 2020-03-10
@saboteur_kiev

You can encrypt the passwords or the entire .env file and store it in the repository, and keep only the decryption secret on the instance. Well, this secret can be photographed once and put in a safe, and changed once a year or whenever there is another wave of media hype about progress in quantum computing.
You can use dedicated secret stores, especially if you use clouds or containers: both Kubernetes and OpenShift are able to store secrets.
You can use third-party services that manage your passwords for you, rotate them automatically, and keep track of who requests them and when, such as CyberArk.
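
The first option in the answer above (commit only an encrypted .env, keep the decryption key on the instance), shown with the openssl command line. This is an added example, not part of the original answer; the file names and sample values are assumptions, and it needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example, not from the thread; file names are hypothetical placeholders.
# Needs the openssl CLI, 1.1.1 or later (for -pbkdf2).
set -eu

# Create the key once; it stays on the instance (plus an offline backup), never in git.
gen_key() {                     # gen_key <keyfile>
    ( umask 077 && openssl rand -hex 32 > "$1" )
}

# Refuse a key file that group or others can access.
check_key() {                   # check_key <keyfile>
    case "$(ls -l "$1")" in
        -rw-------*|-r--------*) return 0 ;;
        *) echo "refusing $1: permissions must be 0600 or 0400" >&2; return 1 ;;
    esac
}

# Encrypt the plaintext .env; only the output file is committed.
# Note: openssl enc gives confidentiality only, it does not detect tampering.
encrypt_env() {                 # encrypt_env <keyfile> <.env> <.env.enc>
    check_key "$1" || return 1
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -pass "file:$1" -in "$2" -out "$3"
}

# On the instance: decrypt to a file that only the service user can read.
decrypt_env() {                 # decrypt_env <keyfile> <.env.enc> <.env>
    check_key "$1" || return 1
    ( umask 077 && openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -pass "file:$1" -in "$2" -out "$3" )
}

# Round trip over a constructed .env (sample values, not real secrets).
demo() {
    d=$(mktemp -d)
    printf 'DB_PASSWORD=example-db-pass\nJWT_SECRET=example-jwt-secret\n' > "$d/.env"
    gen_key "$d/env.key"
    encrypt_env "$d/env.key" "$d/.env" "$d/.env.enc"
    decrypt_env "$d/env.key" "$d/.env.enc" "$d/.env.out"
    rc=0
    cmp -s "$d/.env" "$d/.env.out" || rc=1                  # plaintext restored
    if grep -q 'example-jwt-secret' "$d/.env.enc"; then rc=1; fi   # ciphertext leaks nothing
    chmod 644 "$d/env.key"
    if check_key "$d/env.key" 2>/dev/null; then rc=1; fi    # loose permissions rejected
    rm -rf "$d"
    return "$rc"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```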
