sidpalas

How to Properly Manage Application Secrets (From Beginner to Expert!) 🔐

Where do you fall on the scale? Are there any levels I missed?

  • Level -2: No authentication
  • Level -1: All passwords = "password"
  • Level 0: Hardcode everywhere
  • Level +1: Move secrets into a config file (and add to .gitignore)
  • Level +2: Encrypt config file
  • Level +3: Use secret manager (e.g. AWS Secrets Manager)
  • Level +4: Dynamic ephemeral credentials (using a tool like HashiCorp Vault)
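
Level +1 as an added example (not code from the original post): a loader that refuses the secrets file unless it is covered by .gitignore and, as an extra check the post does not mention, is owner-only on POSIX. The file name `secrets.json`, the function names and the simplified .gitignore matcher are assumptions.

```python
import fnmatch
import json
import tempfile
from pathlib import Path

class SecretsConfigError(Exception):
    """The secrets file lacks a protection that Level +1 depends on."""

def is_gitignored(repo_root: Path, rel_path: str) -> bool:
    # Simplified (assumption): root .gitignore only; `git check-ignore` is authoritative.
    gitignore = repo_root / ".gitignore"
    lines = gitignore.read_text().splitlines() if gitignore.exists() else []
    ignored = False
    for pattern in (line.strip() for line in lines):
        if not pattern or pattern.startswith("#"):
            continue
        negate = pattern.startswith("!")
        pattern = pattern.lstrip("!").lstrip("/")
        if fnmatch.fnmatch(rel_path, pattern) or fnmatch.fnmatch(Path(rel_path).name, pattern):
            ignored = not negate  # the last matching pattern wins, as in git
    return ignored

def load_secrets(repo_root: Path, rel_path: str = "secrets.json") -> dict:
    path = repo_root / rel_path
    if not is_gitignored(repo_root, rel_path):
        raise SecretsConfigError(f"{rel_path} is not covered by .gitignore")
    if path.stat().st_mode & 0o077:  # added check: any group/other permission bit (POSIX)
        raise SecretsConfigError(f"{rel_path} is accessible by group or others, expected mode 0o600")
    return json.loads(path.read_text())

def attempt(root: Path) -> str:
    try:
        return f"loaded {sorted(load_secrets(root))}"  # report key names only, never values
    except SecretsConfigError as err:
        return f"refused: {err}"

def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:  # constructed throwaway repository
        root = Path(tmp)
        secrets = root / "secrets.json"
        secrets.write_text(json.dumps({"DB_PASSWORD": "constructed-placeholder"}))
        secrets.chmod(0o644)
        outcomes = [attempt(root)]  # no .gitignore yet
        (root / ".gitignore").write_text("secrets.json\n")
        outcomes.append(attempt(root))  # ignored, but still mode 0644
        secrets.chmod(0o600)
        return outcomes + [attempt(root)]  # ignored and owner-only

if __name__ == "__main__":
    print("\n".join(demo()))
```
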

Top comments (1)

sidpalas • Edited

For personal projects, Level 1 is usually fine, but for anything professional, I generally go with at least Level 3!
