Kim Arnett [she/her] leads the mobile team at Deque Systems, bringing expertise in iOS development and a strong focus on accessibility, user experience, and team dynamics.
Agree!! See this a lot in mobile apps too. Do you know what a good way to hide keys is? I see some people suggest putting them in a server call, but that doesn't make them any safer IMO. Thoughts?
Hacking a server is a lot harder IMO. Putting API keys in environment variables on the server is the most practical idea. I feel it is a lot easier to do a "man-in-the-middle" attack on a website to manipulate data.
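The comment above recommends keeping API keys in server-side environment variables. The snippet below is an added example (not code from any commenter or from the linked post) of the server-side half of that pattern: the key is read from the environment at startup, the process refuses to start if it is missing, and the value is wrapped so it cannot leak through `print`, `repr` or log lines by accident. The variable name `PAYMENTS_API_KEY` and the key value in the demo are constructed for illustration.

```python
import os
from typing import Iterable, Mapping, Optional


class Secret:
    """Holds a secret value but redacts it in repr/str so it never lands in logs."""

    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:
        # Call this only at the point of use, e.g. when building an auth header.
        return self._value

    def __repr__(self) -> str:
        return "Secret(<redacted>)"

    __str__ = __repr__


def load_secret(name: str, env: Optional[Mapping[str, str]] = None,
                min_length: int = 16) -> Secret:
    """Read a required secret from the environment (or a supplied mapping).

    Fails fast instead of running with an empty or placeholder key, which is
    the usual way a misconfigured deployment silently ends up unauthenticated.
    """
    source = os.environ if env is None else env
    value = source.get(name)
    if value is None or not value.strip():
        raise RuntimeError(f"required secret {name} is not set; refusing to start")
    if len(value) < min_length:
        raise RuntimeError(f"secret {name} is shorter than {min_length} chars; "
                           "check the deployment configuration")
    return Secret(value)


def build_auth_header(secret: Secret) -> dict:
    """The one place the plaintext is used: assembling the outbound request header."""
    return {"Authorization": f"Bearer {secret.reveal()}"}


def scrub(text: str, secrets: Iterable[Secret]) -> str:
    """Replace any known secret value in a log line with a marker before it is written."""
    for s in secrets:
        text = text.replace(s.reveal(), "[REDACTED]")
    return text


if __name__ == "__main__":
    # Constructed demo environment; a real service would rely on os.environ
    # populated by the deployment tooling, never on a value in source control.
    demo_env = {"PAYMENTS_API_KEY": "constructed-example-key-0123456789"}
    key = load_secret("PAYMENTS_API_KEY", env=demo_env)
    print(key)                       # Secret(<redacted>)
    print(build_auth_header(key).keys())
    print(scrub("request sent with key constructed-example-key-0123456789", [key]))
```

The mobile client in this design never holds the key at all: it authenticates to your own server (with a per-user token you can revoke), and only the server talks to the third-party API. That is what makes the "server call" approach safer than shipping the key in the app binary, where anyone with the IPA/APK can pull it out.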
You can filter access to your server to allow data coming in from a few points. Also, logging in through ssh with RSA keys makes it almost impractical to break that password.
Secret management is becoming a core concern for configuration management. There are a number of tools that deal with this -- check out writeups like Infrastructure Secret Management Software Overview for details and comparisons.
Several days ago I came across some post (although old, I think still valid), explaining a method on how to store keys and passwords in your public repo.
zero-one.io/blog/2015/04/14/safely...