Let’s jump right in. We all know it’s a bad idea to store application secrets within our code. So why are we still storing them there? Let’s take an example.
We could store those secrets in a file and add it to .gitignore so it’s not added to version control. But there are a couple of hurdles:
How do we manage those secrets?
What happens when the local copy is deleted?
How do we share it with other developers?
How do we manage versioning of those secrets as they change, and keep an audit log of who changed what?
A lot of questions! So we end up storing them within the code, since it’s too much complexity to deal with.
For a big application, or one that needs a higher level of security, we can use a production-grade secret management service like HashiCorp Vault.
In this article, we will look at a decent approach to dealing with secrets while still achieving better security. We are going to achieve this using Google KMS + Git + IAM + automation.