DEV Community

sidpalas


How to Properly Manage Application Secrets (From Beginner to Expert!) 🔐

Where do you fall on the scale? Are there any levels I missed?

  • Level -2: No authentication
  • Level -1: All passwords = "password"
  • Level 0: Hardcode everywhere
  • Level +1: Move secrets into a config file (and add to .gitignore)
  • Level +2: Encrypt config file
  • Level +3: Use a secret manager (e.g. AWS Secrets Manager)
  • Level +4: Dynamic ephemeral credentials (using a tool like HashiCorp Vault)

Top comments (1)

sidpalas • Edited

For personal projects, Level 1 is usually fine, but for anything professional, I generally go with at least Level 3!
