Web: https://www.reddit.com/r/websec/comments/s1bxo1/passing_secrets_over_https/

Jan. 11, 2022, 12:36 p.m. | /u/willitbechips

Discussion and Disclosure of Web Vulnerabilities reddit.com

Would you?

Many say store secrets like API keys in env variables. Threats include env dumps on the server and accidental commits to code repositories.

An alternative is to store secrets in an encrypted database and pass them using HTTPS meaning they only need to exist in memory on the server.

There are services that offer the latter. Do you use them? What extra things do they do beyond encrypted database, use of HTTPS and rotating keys to ensure security?

submitted by /u/willitbechips
[link] [comments]

https secrets websec

Data Security Analyst Intermediate/Associate

@ University of Michigan - ITS | Ann Arbor, MI

Data Security Analyst Intermediate/Associate

@ University of Michigan - ITS | Ann Arbor, MI

Information Security Engineer

@ Arnold & Porter | Washington, DC

IT Policy, Governance, and Compliance Analyst

@ University of Michigan - ITS | Ann Arbor, MI

Director, Security and Trust - Remote

@ Elemy | United States

Senior Program Manager (Security)

@ Elemy | United States