re: I was billed for 14k USD on Amazon Web Services 😱

re: Well encrypt it and decrypt it with your private key. hash_hmac :)

First of all: The named function hash_hmac does not encrypt. It creates a hash, which cannot be used to restore the original value. It is one-way.

If you used proper encryption, the logic would still be faulty.

You have a secret that cannot be added plainly to the repository. You add some decryption logic, encrypt the original secret and add it to the repository. The original secret is now safe. But now you have another secret (the private key needed for decryption) that cannot be added plainly to the repository.

You still have the same situation plus some extra decryption code, which has to be maintained. Also, your build process has to handle the encryption.
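
The distinction drawn in the reply above, as an added PHP example that is not part of the original thread: `hash_hmac` yields a fixed-length tag that can only be checked against a candidate, while a libsodium sealed box decrypts only with the private key, which then becomes the secret to keep out of the repository. The sample secret and the helper `unseal` are constructed for illustration, and the sodium extension (bundled with PHP 7.2+) is assumed.

```php
<?php
declare(strict_types=1);

// Constructed sample value, not a real credential.
$secret = 'EXAMPLE-cloud-api-secret-0000';

// 1) hash_hmac() is a keyed one-way digest. For sha256 the tag is always
//    64 hex characters, so inputs of any length collapse to the same size
//    and there is no function that turns the tag back into $secret.
$macKey = random_bytes(32);
$tag    = hash_hmac('sha256', $secret, $macKey);
$long   = hash_hmac('sha256', str_repeat($secret, 100), $macKey);
printf("tag lengths: %d and %d\n", strlen($tag), strlen($long));

// The only operation a tag supports is checking a candidate value.
$ok = hash_equals($tag, hash_hmac('sha256', $secret, $macKey));
printf("candidate matches tag: %s\n", $ok ? 'yes' : 'no');

// 2) Public-key encryption (libsodium sealed box) does round-trip.
//    The public key and the ciphertext could be committed...
$keypair   = sodium_crypto_box_keypair();
$publicKey = sodium_crypto_box_publickey($keypair);
$committed = base64_encode(sodium_crypto_box_seal($secret, $publicKey));

// ...but decryption needs the private half, which is now the secret
// that cannot be committed.
function unseal(string $committedB64, string $keypair): ?string
{
    $plain = sodium_crypto_box_seal_open(base64_decode($committedB64), $keypair);
    return $plain === false ? null : $plain;
}

printf("with the private key: %s\n", unseal($committed, $keypair));

$otherKeypair = sodium_crypto_box_keypair(); // stands in for anyone lacking the real key
printf("without it: %s\n", unseal($committed, $otherKeypair) ?? 'cannot decrypt');
```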
