DEV Community

How to Properly Manage Application Secrets (From Beginner to Expert!) 🔐

Where do you fall on the scale? Are there any levels I missed?

  • Level -2: No authentication at all
  • Level -1: Every password is "password"
  • Level 0: Hardcode secrets everywhere in the source
  • Level +1: Move secrets into a config file kept out of the repo (add it to .gitignore, and make sure it is not world-readable)
  • Level +2: Encrypt the config file (the decryption key still has to live somewhere, so this mainly protects the file at rest)
  • Level +3: Use a secret manager (e.g. AWS Secrets Manager) and fetch secrets at runtime
  • Level +4: Dynamic, ephemeral credentials that are issued per use and expire on their own (using a tool like HashiCorp Vault)
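The levels above as one runnable Python file. This is an added example written for this page, not code from the original post or from AWS Secrets Manager or HashiCorp Vault. It shows Level 0, Level +1 and Level +4 in miniature; Levels +2 and +3 need a KMS or secret-manager client and are left out so the file runs offline. Every function name (`find_hardcoded_secrets`, `make_config_file`, `is_private`, `load_config_secret`, `gitignore_covers`, `issue_lease`, `verify_lease`), the sample secrets and the signing key are assumptions, and POSIX file permissions are assumed.

```python
"""Secret handling at Levels 0, +1 and +4 of the post's scale.

Added example, not from the original post. All names and sample values are
hypothetical; file-permission checks assume POSIX.
"""
import base64
import hashlib
import hmac
import json
import os
import re
import secrets
import stat
import tempfile
import time
from dataclasses import dataclass
from typing import Optional

# Level 0: a secret hardcoded in source (constructed placeholder). Anyone who can
# read the repository, or its history, now has the key.
HARDCODED_API_KEY = "sk_example_do_not_do_this"

# A crude pre-commit check for Level 0: flag string literals assigned to names that
# look secret-bearing. Real scanners also use entropy and known key formats.
_SECRET_ASSIGNMENT = re.compile(
    r"(?im)^\s*([A-Za-z_]*(?:password|secret|api_key|token)[A-Za-z_]*)\s*=\s*['\"][^'\"]+['\"]"
)


def find_hardcoded_secrets(source_text: str) -> list:
    """Return the names in source_text that are assigned a quoted literal."""
    return _SECRET_ASSIGNMENT.findall(source_text)


# Level +1: secrets live in a config file outside version control.
def make_config_file(values: dict, mode: int = 0o600) -> str:
    """Write values as JSON to a fresh temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as f:
        json.dump(values, f)
    os.chmod(path, mode)
    return path


def is_private(path: str) -> bool:
    """True if no group/other permission bits are set on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def load_config_secret(path: str, name: str) -> str:
    """Read one secret from a JSON config file, refusing loose permissions."""
    if not is_private(path):
        raise PermissionError(f"{path} is readable by group/other; chmod 600 it first")
    with open(path) as f:
        return json.load(f)[name]


def gitignore_covers(gitignore_text: str, filename: str) -> bool:
    """Exact-line check that filename is listed in a .gitignore (no glob handling)."""
    return any(line.strip() == filename for line in gitignore_text.splitlines())


# Level +4: credentials that are minted per use and expire on their own.
@dataclass(frozen=True)
class Lease:
    subject: str
    token: str
    expires_at: int


def issue_lease(signing_key: bytes, subject: str, ttl_seconds: int,
                now: Optional[float] = None) -> Lease:
    """Mint a credential valid for ttl_seconds: a signed (subject, expiry, nonce) tuple.
    The long-lived signing_key never leaves the issuer; a leaked token dies with its TTL."""
    now = time.time() if now is None else now
    expires_at = int(now) + ttl_seconds
    payload = f"{subject}|{expires_at}|{secrets.token_hex(8)}".encode()
    mac = hmac.new(signing_key, payload, hashlib.sha256).hexdigest()
    token = base64.urlsafe_b64encode(payload).decode() + "." + mac
    return Lease(subject, token, expires_at)


def verify_lease(signing_key: bytes, token: str,
                 now: Optional[float] = None) -> Optional[str]:
    """Return the subject if token is authentic and unexpired, otherwise None."""
    now = time.time() if now is None else now
    try:
        b64, mac = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(b64.encode())
        subject, expires_at, _nonce = payload.decode().split("|", 2)
    except (ValueError, UnicodeDecodeError):
        return None
    expected = hmac.new(signing_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):  # constant-time comparison
        return None
    if now >= int(expires_at):
        return None
    return subject


if __name__ == "__main__":
    cfg = make_config_file({"db_password": "hunter2"})  # constructed sample secret
    print("config secret:", load_config_secret(cfg, "db_password"))
    key = b"issuer-signing-key"  # constructed; in practice held only by the issuer
    lease = issue_lease(key, "deploy-bot", ttl_seconds=300)
    print("lease valid now:", verify_lease(key, lease.token) == "deploy-bot")
    print("lease valid after expiry:", verify_lease(key, lease.token, now=lease.expires_at))
```

The useful contrast is between `load_config_secret` and `verify_lease`: the config file holds one long-lived value that is only as safe as the file's permissions and the backups it ends up in, while the lease is worthless to an attacker a few minutes after it leaks and can be re-issued per deploy without anyone editing a file. The `issue_lease`/`verify_lease` pair is a toy stand-in for what a Vault-style issuer does; it is not Vault's token format.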

Top comments (1)

sidpalas • Edited

For personal projects, Level 1 is usually fine, but for anything professional, I generally go with at least Level 3!